Security News > 2021 > February > Google Discloses Details of Remote Code Execution Vulnerability in Windows
Google's cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution.
Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft.
According to Microsoft, the security hole impacts a Windows graphics component and it can be exploited by luring the targeted user to a website hosting a specially crafted file set up to exploit the flaw.
The Google researchers reported the vulnerability to Microsoft in late November and the bug report was made public on Wednesday, roughly two weeks after Microsoft released a patch.
The researchers tested their exploit on a fully patched Windows 10 in all major browsers.
Based on its exploitability assessment, Microsoft does not believe the vulnerability will be exploited in the wild.
News URL
Related news
- Patching problems: The “return” of a Windows Themes spoofing vulnerability (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades (source)