Google Discloses Actively Targeted Windows Vulnerability

Google Project Zero security researchers have identified another Windows vulnerability that has been actively exploited in attacks.

The security bug is an integer overflow with roots in one of the IOCTLs that the Windows Kernel Cryptography Driver (cng.sys) supports, and it could lead to privilege escalation, including a sandbox escape.

read more