Authored by Mateusz Jurczyk, Google Security Research, hawkes

The Microsoft Windows Kernel Cryptography Driver (cng.sys) exposes a DeviceCNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape).

advisories | CVE-2020-17087