Microsoft’s latest patch fixes more than 100 vulnerabilities
Microsoft has begun rolling out its November 2020 patch, which fixes 112 different vulnerabilities in its services. As many as 17 vulnerabilities are classified as critical, while 93 are listed as important. The remaining two are classified as moderate.
The latest patch also contains a fix for a zero-day privilege escalation vulnerability, tracked as CVE-2020-1708. The bug was recently disclosed by Google’s Project Zero team, which claimed it was being exploited in the wild. The vulnerability enabled hackers to escalate system privileges. Hackers also exploited another zero-day vulnerability, this one in Chrome and tracked as CVE-2020-15999, to conduct the attacks.
“The Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape),” Google’s Project Zero team had said in a post.