According to GPZ, CVE-2020-17087 is a vulnerability in the Windows Kernel Cryptography Driver that “constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape)”. In essence, it might allow an attacker to trigger a pool-based buffer overflow, leading to a system crash and thereby enabling possible exploitation. “The bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue”, said the Project Zero team.

To demonstrate possible attack scenarios, the researchers used a proof-of-concept exploit that they say works on an up-to-date build of Windows 10 1903 (64-bit). According to them, Microsoft will patch the bug through its next Patch Tuesday update on November 10. The vulnerability is apparently not being used for any US election-related attacks, which is why the company says it is looking to balance ‘timeliness and quality’ while rolling out a fix.

It is worth noting that GPZ is getting some flak from sections of the cyber-security community for disclosing the bug just a week after reporting it to Microsoft, but according to Ben Hawkes, one of the researchers, they did it because “(further) attacks using these details between now and the patch being released is reasonably unlikely”.
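
The 16-bit integer truncation bug class named in the Project Zero quote, shown as an added C example beside a checked version; it is not code from this article, Project Zero or Microsoft. The function names and the expansion factor are assumptions for illustration and are not taken from cng.sys.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for illustration: a formatter that expands each input byte
 * into EXPAND output bytes. Names and factor are hypothetical and are
 * not taken from cng.sys. */
#define EXPAND 6u

/* Flawed pattern: the product is stored in a 16-bit variable, so the
 * high bits are silently dropped before the value sizes a buffer. */
uint16_t truncated_size(uint32_t in_len)
{
    return (uint16_t)((uint64_t)in_len * EXPAND);
}

/* True when the formatting loop would write more bytes than the buffer
 * sized by truncated_size() can hold. */
bool undersized(uint32_t in_len)
{
    return (uint64_t)in_len * EXPAND > truncated_size(in_len);
}

/* Hardened pattern: compute in a wide type and reject a result that
 * does not fit the 16-bit field instead of truncating it. */
bool checked_size(uint32_t in_len, uint16_t *out)
{
    uint64_t need = (uint64_t)in_len * EXPAND;
    if (need > UINT16_MAX)
        return false;
    *out = (uint16_t)need;
    return true;
}

int main(void)
{
    /* Constructed sample lengths around the 16-bit boundary. */
    const uint32_t samples[] = { 16, 10922, 10923, 65536 };
    for (int i = 0; i < 4; i++) {
        uint16_t sz = 0;
        bool ok = checked_size(samples[i], &sz);
        printf("len=%u truncated=%u undersized=%d checked=%s\n",
               (unsigned)samples[i], (unsigned)truncated_size(samples[i]),
               undersized(samples[i]), ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The checked version fails closed: a length whose expanded size does not fit in 16 bits is rejected before any allocation, instead of producing a small buffer that the later write overruns.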