A new security flaw was found by Google last month in the Windows operating system, known as zero-day vulnerability. Google’s Project Zero was the one responsible to find these issues and provides all the details on how this vulnerability is currently being exploited to its fullest. The vulnerability allowed the hackers to simply take advantage of the Windows Kernel Cryptography Driver security flaw (CVE-2020-117087) to gain elevated privileges in Windows 7, 8, and 10, as well as Windows Server 2008 and higher.
The flaw was being utilized for a long time actively by the hackers in Windows and was not detected for a long time. However, after the vulnerability was reported to Microsoft last month, the company started working on the patch and released it on Tuesday which seems to fix the issue permanently. Although, the Google team gave the companies a time of 90 days before releasing the details of the vulnerability in public, this time they gave only seven days to Microsoft. As per them, the vulnerability was already in the wild and was being used by a large number of users and hackers for a long time.
It is why the details had to be made public immediately in a short period of time. In the meanwhile, Microsoft has also acknowledged Mateusz Jurczyk and Sergei Glazunov of Google Project Zero to bring vulnerability to its attention. The patch will be available to all Windows users and can also be downloaded manually through the Microsoft website. For now, it seems that the issue has been permanently fixed.