Currently we expect a patch for this issue to be available on November 10. We have confirmed with the Director of G… https://t.co/kQWd6Gakl0
— Ben Hawkes (@benhawkes) 1604073648000
“Currently we expect a patch for this issue to be available on November 10. We have confirmed with the Director of Google’s Threat Analysis Group, Shane Huntley that this is targeted exploitation and this is not related to any US election related targeting,” tweeted Hawkes.
Google had notified Microsoft about the vulnerability last week and gave Microsoft 7 days time to fix the issue. As Microsoft did not fix it in the allotted, Google has revealed the details of the bug publicly.
Google has provided the source code of a proof-of-concept program. “It was tested on an up-to-date build of Windows 10 1903 (64-bit), but the vulnerability is believed to be present since at least Windows 7. A crash is easiest to reproduce with Special Pools enabled for cng.sys, but even in the default configuration the corruption of 64kB of kernel data will almost surely crash the system shortly after running the exploit,” said Google in its report.