Google's Project Zero team has published details of a bug in a Windows kernel driver before Microsoft has released a patch for it. The vulnerability (CVE-2020-17087) allows local privilege escalation and can be used as a sandbox escape. The disclosure came seven days after Project Zero reported the bug to Microsoft, the shortened deadline the team applies to bugs already being exploited, which the researchers say this one is. With specially crafted calls to the driver, an attacker can trigger a pool-based buffer overflow; an uncontrolled trigger crashes the system, while a controlled overflow of kernel pool memory opens the door to exploitation. According to the Project Zero team, “the bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue.” In this class of bug, a length computed in 32 bits is stored in a 16-bit field before the allocation is made, so the buffer ends up smaller than the data later copied into it.
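To make the truncation concrete, here is an added illustration of the bug class, not code from cng.sys or from Project Zero's report: a hypothetical property-block formatter in which the required size is computed in 32 bits, squeezed through a 16-bit length before allocation, and then used untruncated for the copy. The entry size, function names and the sample count of 0x2002 entries are assumptions chosen so that the arithmetic is easy to follow; the overflow is measured rather than actually performed, so the program is safe to run.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical layout (an assumption for this example): the property block
 * is `entry_count` fixed-size entries, ENTRY_SIZE bytes each. */
#define ENTRY_SIZE 8u

/* Vulnerable pattern: the byte count is computed in 32 bits but stored in a
 * 16-bit variable on its way to the allocator. Returns the size the
 * allocator actually sees, i.e. the low 16 bits of the real requirement. */
uint16_t vuln_alloc_size(uint32_t entry_count) {
    uint32_t needed = entry_count * ENTRY_SIZE;  /* 0x2002 * 8 = 0x10010 */
    uint16_t alloc_len = (uint16_t)needed;       /* truncated to 0x0010 */
    return alloc_len;
}

/* Models the later copy, which uses the untruncated length. Instead of
 * corrupting memory it returns how many bytes would land past the end of
 * the (too small) allocation; 0 means no overflow for this count. */
uint32_t vuln_overflow_bytes(uint32_t entry_count) {
    uint32_t copy_len = entry_count * ENTRY_SIZE;
    uint16_t alloc_len = vuln_alloc_size(entry_count);
    return copy_len > alloc_len ? copy_len - alloc_len : 0;
}

/* Hardened version: compute the size in a width that cannot wrap, and
 * reject anything that does not fit the 16-bit length field instead of
 * silently truncating it. Returns 0 and hands back a malloc'd copy on
 * success, -1 on rejected input or allocation failure. */
int safe_format_block(uint32_t entry_count, const uint8_t *entries,
                      uint8_t **out, uint16_t *out_len) {
    uint64_t needed = (uint64_t)entry_count * ENTRY_SIZE;
    if (needed == 0 || needed > UINT16_MAX || entries == NULL)
        return -1;
    uint8_t *buf = malloc((size_t)needed);
    if (buf == NULL)
        return -1;
    memcpy(buf, entries, (size_t)needed);   /* copy length == allocation length */
    *out = buf;
    *out_len = (uint16_t)needed;
    return 0;
}

int main(void) {
    uint32_t count = 0x2002;  /* constructed input that crosses the 16-bit boundary */
    printf("entries=%#x needed=%#x allocated=%#x overflow=%#x bytes\n",
           count, count * ENTRY_SIZE, vuln_alloc_size(count),
           vuln_overflow_bytes(count));
    return 0;
}
```

The point of the pair is that the fix is not a bigger buffer but refusing to narrow a size that does not fit: any count whose byte requirement exceeds 0xFFFF must be rejected before the allocation, because once the truncated value reaches the allocator, the untruncated copy length guarantees the overflow.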
A proof of concept was put together that shows how easily the bug can be triggered. The PoC was written against a current 64-bit build of Windows 10, but the researchers explained that the vulnerable code is present in versions going back to Windows 7.