Security News > 2021 > February > Google Discloses Details of Remote Code Execution Vulnerability in Windows

Google Discloses Details of Remote Code Execution Vulnerability in Windows
2021-02-25 04:28

Google's cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution.

Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft.

According to Microsoft, the security hole impacts a Windows graphics component and it can be exploited by luring the targeted user to a website hosting a specially crafted file set up to exploit the flaw.

The Google researchers reported the vulnerability to Microsoft in late November and the bug report was made public on Wednesday, roughly two weeks after Microsoft released a patch.

The researchers tested their exploit on a fully patched Windows 10 in all major browsers.

Based on its exploitability assessment, Microsoft does not believe the vulnerability will be exploited in the wild.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/zxqUk3dioRM/google-discloses-details-remote-code-execution-vulnerability-windows

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995