The vulnerability labeled CVE-2020-17087 affects at least Windows 7 and Windows 10.

Google has revealed a zero-day vulnerability in the Windows operating system that lets hackers to exploit it actively.

“We have evidence that the following bug is being used in the wild,” Google said in a statement.

The search-giant notified Microsoft and gave the company seven days to patch the bug. As the Seattle-based company failed to release a patch, Google published the details of the vulnerability last week.

Zero-day vulnerability, a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw, was discovered by Google’s Project Zero security researchers.

According to Google, the zero-day bug in the Windows Kernel allows an attacker to gain more user access in Windows that can be used to elevate an attacker’s code with additional permissions.

By exploiting Windows vulnerability with a separate bug in Chrome, which Google patched last week, attackers escape Chrome’s security and run malicious code on the operating system.

According to Ben Hawkes, team lead for Project Zero, the zero-day is expected to be patched on November 10, the date of Microsoft’s next patch. However, he did not provide details on who was exploiting the zero-day as this vulnerability is usually discovered by nation-sponsored hacking groups.

Director of Google’s Threat Analysis Team, Shane Huntley said the attacks were targeted but unrelated to the US election related targeting.