Windows Zero-Day Still Circulating After Faulty Fix

2020-12-24 16:31

A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a "Fix" from Microsoft failed to adequately patch it.

The local privilege-escalation bug in Windows 8.1 and Windows 10 exists in the Print Spooler API. It could allow a local attacker to elevate privileges and execute code in the context of the current user, according to Microsoft's advisory issued in June.

From a more technical perspective, "The specific flaw exists within the user-mode printer driver host process splwow64.exe," according to an advisory from Trend Micro's Zero Day Initiative, which reported the bug to Microsoft last December.

Microsoft's June update included a patch that "Addresses the vulnerability by correcting how the Windows kernel handles objects in memory." However, Maddie Stone, researcher with Google Project Zero, has now disclosed that the fix was faulty, after Microsoft failed to re-patch it within 90 days of being alerted to the problem.

Project Zero meanwhile has issued public proof-of-concept code for the issue.

News URL

https://threatpost.com/windows-zero-day-circulating-faulty-fix/162610/

#windows #zeroday

News URL

Related news