 |
| Google reveals a security vulnerability in the Windows operating system |
Google's Zero Project team has released general details on fixing bugs in the Windows Print Spooler API, which attackers can use to execute arbitrary code.
After Microsoft did not fix the bug within 90 days of responsible detection on September 24, details of the error were released.
The vulnerability was originally tracked as CVE-2020-0986. This is related to the increased use of privileges in the API for Windows Print Spooler. The vulnerability was reported to Microsoft in late December 2019 by an anonymous user on the Trend Micro Zero-Day Project.
Trend Micro's "Zero Day Campaign", which has not included a patch for nearly six months, released a public security bug notice earlier this year.
The vulnerability was later exploited as part of a "Operation PowerFall" campaign against a South Korean company that was limited by shares.
Successful exploitation of this vulnerability could allow an attacker to modify the memory of the splwow64.exe process to run random code in kernel mode, install malware, view, modify, or delete data, or create a new fully privileged account. 'user.
Microsoft has fixed this bug with an update released in June. However, a new discovery from Google's security team shows that the vulnerability has not been fully addressed.
"The project vulnerability is still zero, but the method of exploitation has changed," said McGrady Stone, a researcher on the Project Zero team, in a report.
Microsoft is expected to fix a new issue called CVE-2020-17008 on January 12, 2021.
“Because known vulnerabilities are actively exploited after bugs or incomplete patches, there have been several incidents this year,” said Stone.
She added: If these vulnerabilities are not fully addressed, the attacker can easily reuse his knowledge of the vulnerabilities and the methods that were exploited with them to develop new vulnerabilities.