Security News > 2020 > December > Windows Zero-Day Still Circulating After Faulty Fix
A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a "Fix" from Microsoft failed to adequately patch it.
The local privilege-escalation bug in Windows 8.1 and Windows 10 exists in the Print Spooler API. It could allow a local attacker to elevate privileges and execute code in the context of the current user, according to Microsoft's advisory issued in June.
From a more technical perspective, "The specific flaw exists within the user-mode printer driver host process splwow64.exe," according to an advisory from Trend Micro's Zero Day Initiative, which reported the bug to Microsoft last December.
Microsoft's June update included a patch that "Addresses the vulnerability by correcting how the Windows kernel handles objects in memory." However, Maddie Stone, researcher with Google Project Zero, has now disclosed that the fix was faulty, after Microsoft failed to re-patch it within 90 days of being alerted to the problem.
Project Zero meanwhile has issued public proof-of-concept code for the issue.
News URL
https://threatpost.com/windows-zero-day-circulating-faulty-fix/162610/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)