Old fixed Windows vulnerability is abused again

The vulnerability CVE-2020-0986 was exploited as a zero-day in May and was presumably fixed since then, however, the security researchers recently demonstrated a different method of abusing it with a publicly available proof of code. The vulnerability enables threat actors to increase their permissions to kernel level on an infected machine, which was done using an Internet Explorer bug that allowed remote code execution. That can still be done by sending an offset instead of a pointer, which was the old method the attackers used. Microsoft's fix for the vulnerability wasn't complete because it changed pointers to offsets, but the function's parameters still can be controlled. Read more...