Security News > 2021 > February > Google Discloses Details of Remote Code Execution Vulnerability in Windows
Google's cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution.
Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft.
According to Microsoft, the security hole impacts a Windows graphics component and it can be exploited by luring the targeted user to a website hosting a specially crafted file set up to exploit the flaw.
The Google researchers reported the vulnerability to Microsoft in late November and the bug report was made public on Wednesday, roughly two weeks after Microsoft released a patch.
The researchers tested their exploit on a fully patched Windows 10 in all major browsers.
Based on its exploitability assessment, Microsoft does not believe the vulnerability will be exploited in the wild.
News URL
Related news
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Patching problems: The “return” of a Windows Themes spoofing vulnerability (source)