Advances in technology also bring threats to user privacy. New hacks and bugs keep appearing, and experts develop methods to eliminate them. Google recently disclosed a previously unrevealed vulnerability affecting at least Windows 7 and Windows 10. Google said that hackers are using this bug to exploit users.
Google gave Microsoft a deadline to fix the issue, but the deadline passed and Microsoft did not take any action. Finally, Google disclosed the vulnerability. Google's security research team informed people about this zero-day vulnerability in Windows, which is under active exploitation. It is tracked as CVE-2020-17087, and its main victims are Windows 7 and Windows 10.
The hackers are using this bug in combination with a separate bug in Chrome. The latest bug is more advanced, helping hackers escape from Google’s sandbox and run malware on the system.
Ben Hawkes, Project Zero’s technical lead, tweeted that the Windows zero-day (CVE-2020-17087) was used as part of a two-punch attack, together with a Chrome zero-day (CVE-2020-15999) that his team fixed last week. His team notified Microsoft last week and gave it 7 days to fix the bug.
While Microsoft did not show any response to these statements, it said in a statement: “Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers.
While we work to meet all researchers’ deadlines for disclosure, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption.”
Ben Hawkes mentioned in a tweet: “Currently we expect a patch for this issue to be available on November 10. We have confirmed with the Director of Google’s Threat Analysis Group, Shane Huntley, that this is targeted exploitation, which is not related to any US election-related targeting.”
In addition to last week’s Chrome/freetype 0day (CVE-2020-15999), Project Zero also detected and reported the Windows kernel bug (CVE-2020-17087) that was used for a sandbox escape. The technical details of CVE-2020-17087 are now available here: https://t.co/bO451188Mk
— Ben Hawkes (@benhawkes) October 30, 2020
It is not clear who these hackers are or what their motive is. It is the latest bug in a list of Microsoft flaws threatening users’ privacy. A second Google security team also confirmed this attack. Another Microsoft spokesperson added that the reported attack is minimal and targeted in nature, “and we have seen no evidence to indicate widespread usage.”
Google also publicly disclosed details of a medium-severity security flaw in the Microsoft Edge browser in 2018; that vulnerability was discovered in November 2017 by the search giant’s Project Zero. This bug helps hackers gain the level of user access they need. It allows them to run malware on the operating system and threatens Windows 7 and Windows 10 users. Hackers can write code that targets a specific security weakness and package it into malware, known as a zero-day exploit. “Zero-day” refers to the fact that developers have had no time to fix the flaw.