Security News > 2021 > February > Google shares PoC exploit for critical Windows 10 Graphics RCE bug
Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept exploit code for a critical remote code execution bug affecting a Windows graphics component.
The Project Zero researchers discovered the vulnerability, tracked as CVE-2021-24093, in a high-quality text rendering Windows API named Microsoft DirectWrite.
Impacts Windows 10 versions up to 20H2. The security flaw impacts multiple Windows 10 and Windows Server releases up to version 20H2, the latest released version.
After the 90-day disclosure deadline, Project Zero published a proof-of-concept exploit code that can be used to reproduce the bug in browsers running on fully-patched Windows 10 1909 systems.
"It reproduces the crash shown above on a fully updated Windows 10 1909, in all major web browsers. The font itself has been subset to only include the faulty glyph and its dependencies."
In November, Microsoft also fixed a Windows kernel zero-day bug actively exploited in targeted attacks and publicly disclosed by Project Zero one month earlier.
News URL
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-25 | CVE-2021-24093 | Unspecified vulnerability in Microsoft products Windows Graphics Component Remote Code Execution Vulnerability | 8.8 |