Security News > 2020 > May > Researchers Divulge Details on Five Windows Zero Days
Security researchers working with Trend Micro's Zero Day Initiative have published information on five unpatched vulnerabilities in Microsoft Windows, including four considered high risk.
Tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915, and featuring a CVSS score of 7.0, the first three of these zero-day vulnerabilities could allow an attacker to escalate privileges on the affected system.
The security flaws were identified in the user-mode printer driver host process splwow64.
Adversaries looking to exploit these security flaws would first need to gain low privilege access to the system.
The security researchers also revealed that Microsoft was informed on the vulnerability in January, but said that a patch won't be released for the issue.
News URL
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-09 | CVE-2020-0915 | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. | 7.8 |
| 2020-06-09 | CVE-2020-0916 | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. | 7.8 |
| 2020-06-09 | CVE-2020-0986 | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |