The Windows kernel bug zero-day can be exploited by local attackers for privilege escalation (including sandbox escape) The flaw is a pool-based buffer overflow that exists in the Windows Kernel Cryptography Driver (cng.sys) It is currently tracked as CVE-2020-17087. The bug was added to the Project Zero issue tracker only 8 days ago, it was disclosed after only 7 days because it was being used by attackers in the wild. A patch for the bug is expected to be available on November 10.
Source: https://www.bleepingcomputer.com/news/security/windows-kernel-zero-day-vulnerability-used-in-targeted-attacks/