Google’s Project Zero team has disclosed a zero-day vulnerability in Windows that enables elevated code execution that is currently being exploited. Microsoft is expected to patch the bug next month.
Google’s Project Zero team known to discover security threats has disclosed a zero-day vulnerability in Windows that affects versions from Windows 7 all the way to Windows 10 version 1903. The company’s post says that it has evidence of active exploits, which could allow attackers to execute code with elevated permissions. What’s interesting is that the vulnerability that is tracked with the label CVE-2020-17087, coupled with another actively exploited Chrome zero-day vulnerability disclosed last week (CVE-2020-15999), performs what is known as a sandbox escape.
