Windows Zero Day Kernel Local Privilege Escalation

By Digital Defense Inc.

Windows Zero Day Kernel Local Privilege Escalation

On Oct 22nd, Google’s Security Team “Project-Zero” disclosed a Windows zero-day privilege escalation vulnerability, given CVE-2020-17087 and rated CVSSv3 7.8/7.2. Google stated that they had seen evidence of the vulnerability actively being exploited in the wild, and gave Microsoft a 7-day window to provide a solution.  An exploit is readily available to the public for the vulnerability and a patch was released by Microsoft on Nov 10th.  Exploitation would require an attacker to already be present on a system as a lower level user.  Please patch your systems as soon as possible to mitigate this privilege escalation vulnerability.  For more information, please reference

Frontline.Cloud released a High rated authenticated check “MS20-NOV: Microsoft Windows Security Update (143189)” with release on November 12th, 2020.

Try Frontline.Cloud™ with a Free 14-Day Evaluation

Share This