Google has dropped details of a previously undisclosed vulnerability in Windows, which it says hackers are actively exploiting. As a result, Google gave Microsoft just a week to fix the vulnerability. That deadline came and went, and Google published details of the vulnerability this afternoon. The vulnerability has no name but is labeled CVE-2020-17087, and affects at least Windows 7 and Windows 10. Google’s Project Zero, the elite group of security bug hunters which made the discovery, said the bug allows an attacker to escalate their level of user access in Windows.