SB2020103102 - Memory corruption in Windows kernel driver
Published: October 31, 2020 Updated: November 10, 2020
Security Bulletin ID
SB2020103102
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2020-17087)
The vulnerability allows a local user to escalate privilege son the system.
The vulnerability exists due to a boundary error within the Windows Kernel Cryptography Driver cng.sys, which exposes a "\Device\CNG" device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
Note, this vulnerability is being actively exploited in the wild.
Remediation
Install update from vendor's website.