It seems that Windows operating system bugs are not looking to end anytime soon for the user. This time Google has shared the details of bugs in Windows Kernel Cryptography Driver, which is currently being exploited by the hackers. The Project Zero team has already privately shared details of the security flaw with Microsoft a little over a week ago, but now that it is being actively exploited the company has gone public. The flaw has been tracked with the code CVE-2020-117087 and will not likely be addressed by Microsoft in a couple of weeks.
As per the official statement from the Project Zero page “The Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape)“. The team made Microsoft aware of the flaw back on October 22 and is still being used in wild. As per the team, the flaw should be resolved and closed within 7 days from now.
However, it does not seem that the flaw will be resolved in seven days. The company is currently working on a fix and is ensuring to develop the update in a way that it protects the user with minimum disruption to their usage. However, the last few months have been really serious for Microsoft as more and more bugs and security flaws are being unwrapped by research companies.
