A newly disclosed zero-day in the Windows Kernel Cryptography driver that is already being actively exploited by malicious actors is among 112 unique common vulnerabilities and exposures (CVEs) fixed by Microsoft in its November 2020 Patch Tuesday update.
Assigned CVE-2020-17087, the bug affects Extended Security Update (ESU) Windows 7 and Server 8 through to the latest Windows 10 20H2 versions, and information on how to take advantage of it has already been widely distributed.