Windows 7 and Server 2008 zero-day bug gets a free patch

An unpatched local privilege escalation (LPE) vulnerability affecting all Windows 7 and Server 2008 R2 devices received a free and temporary fix today through the 0patch platform. The zero-day bug affects all impacted devices, enrolled in Microsoft's Extended Security Updates (ESU) program or not, until the company releases its own security updates to ESU …

Google addresses two new Chrome zero-day flaws

Google has released Chrome version 86.0.4240.198 that addresses two additional zero-day vulnerabilities that were exploited in the wild. Google has addressed two zero-day vulnerabilities, actively exploited in the wild, with the release of Chrome version 86.0.4240.198. The IT giant has fixed a total of five Chrome zero-day vulnerabilities in only three weeks. Both zero-day flaws, …

Windows kernel zero-day vulnerability used in targeted attacks

Project Zero, Google's 0day bug-hunting team, today disclosed a zero-day elevation of privileges (EoP) vulnerability found in the Windows kernel and actively exploited in targeted attacks. The flaw is a pool-based buffer overflow that exists in the Windows Kernel Cryptography Driver (cng.sys) and it is currently tracked as CVE-2020-17087. Proof of concept exploit available The …

Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft

One of the two zero-day bugs is rated ‘critical’ and is classified as a remote code-execution bug impacting Microsoft’s Internet Explorer. Two Microsoft vulnerabilities are under active attack, according to the software giant’s August Patch Tuesday Security Updates. Patches are available for the bugs, bringing this month’s total number of vulnerabilities to 120. …

Getting to the Root: How Researchers Identify Zero-Days in the Wild

Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it. When a zero-day vulnerability is exploited in the wild, it's essential to identify the bug at the root of the attack. This "root cause analysis" informs researchers how an attack unfolded. "We care …