1. What actually happened or you saw:
CVE-2020-17087 is a Windows Kernel-mode Driver Buffer Overflow vulnerability that could potentially bypass CIS protection layers (‘Fully Virtualized’ Containment level is bypassed, ‘Run Virtually > Restricted’ possibly is not bypassed if “\Device\CNG” is added to HIPS Protected Objects, although the latter is still unconfirmed).
https://www.zdnet.com/article/google-discloses-windows-zero-day-exploited-in-the-wild/
2. What you wanted to happen or see:
I wanted “\Device\CNG” added by default to HIPS Protected Objects.
3. Why you think it is desirable:
CVE-2020-17087 has not been patched by Microsoft yet, and according to researchers from Google Project Zero it is being actively exploited in the wild. Adding “\Device\CNG” to HIPS Protected Objects might solve the problem, although this is still unconfirmed.
Even if Microsoft patches this vulnerability in the future, there will still be older systems vulnerable to it, such as Windows 7. Comodo may seek to implement a solution for home/enterprise users who are still on Windows 7 OS.
4. Any other information:
Thanks to Futuretech for pointing out that adding “\Device\CNG” to HIPS Protected Objects might possibly solve this issue for ‘Limited’ or above Restriction levels.