Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug
Google’s Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code.
Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of responsible disclosure on September 24.
Originally tracked as CVE-2020-0986, the flaw concerns an elevation of privilege exploit in the GDI Print / Print Spooler API (“splwow64.exe”) that was reported to Microsoft by an anonymous user working with Trend Micro’s Zero Day Initiative (ZDI) back in late December 2019.
But with no patch in sight for about six months, ZDI ended up posting a public advisory as a zero-day on May 19 earlier this year, after which it was exploited in the wild in a campaign dubbed “Operation PowerFall” against an unnamed South Korean company.
Read more here.
Follow us or visit our website for latest news! https://zentech-it.com/news/
Source: The Hacker News