Google discloses that Microsoft incorrectly patched exploited Windows liability

23
Google discloses

Google Project Zero has revealed a Windows zero-day liability due to the inaccurate patch for CVE-2020-0986. It is a security issue abused in a campaign named as Operation PowerFall. The new liability was bought forward by Microsoft in September and is tagged as CVE-2020-17008.

Read More: Why Enterprises Should Rush to Adopt Multi-factor Authentication

According to the policy of Project Zero, the complete details were revealed after ninety days in December. Microsoft has already missed the deadline for patching the liability. Attacks focused on the previous liability were observed within a few days of disclosure. Maddie Stone, a Google Project Zero researcher, has said that CVE-2020-17008 is very similar to CVE-2020-0986 vulnerability.

Source: securityweek