Google discloses Windows zero-day exploited in the wild

From zdnet.com

Security researchers from Google have disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation.

The zero-day is expected to be patched on November 10, which is the date of Microsoft’s next Patch Tuesday, according to Ben Hawkes, team lead for Project Zero, Google’s elite vulnerability research team.

On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with another a Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week.

Read more…