Security News > 2021 > February > Google Discloses Details of Remote Code Execution Vulnerability in Windows
Google's cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution.
Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft.
According to Microsoft, the security hole impacts a Windows graphics component and it can be exploited by luring the targeted user to a website hosting a specially crafted file set up to exploit the flaw.
The Google researchers reported the vulnerability to Microsoft in late November and the bug report was made public on Wednesday, roughly two weeks after Microsoft released a patch.
The researchers tested their exploit on a fully patched Windows 10 in all major browsers.
Based on its exploitability assessment, Microsoft does not believe the vulnerability will be exploited in the wild.
News URL
Related news
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse (source)
- Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent (source)
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)