
The Cyber Security News


Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug


Google’s Project Zero team has made public details of an improperly patched zero-day security vulnerability in the Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code.

Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of responsible disclosure on September 24.

Originally tracked as CVE-2020-0986, the flaw concerns an elevation of privilege exploit in the GDI Print / Print Spooler API (“splwow64.exe”) that was reported to Microsoft by an anonymous user working with Trend Micro’s Zero Day Initiative (ZDI) back in late December 2019.


But with no patch in sight for about six months, ZDI ended up posting a public advisory as a zero-day on May 19 earlier this year, after which it was exploited in the wild in a campaign dubbed “Operation PowerFall” against an unnamed South Korean company.

“splwow64.exe” is a Windows core system binary that allows 32-bit applications to connect with the 64-bit printer spooler service on 64-bit Windows systems. It implements a Local Procedure Call (LPC) server that can be used by other processes to access printing functions.

Successful exploitation of this vulnerability could result in an attacker manipulating the memory of the “splwow64.exe” process to achieve execution of arbitrary code in kernel mode, ultimately using it to install malicious programs; view, change, or delete data; or create new accounts with full user rights.

However, to achieve this, the adversary would first have to log on to the target system in question.

Although Microsoft eventually addressed the shortcoming as part of its June Patch Tuesday update, new findings from Google’s security team reveal that the flaw has not been fully remediated.

“The vulnerability still exists, just the exploitation technique had to change,” Google Project Zero researcher Maddie Stone said in a write-up.

“The original issue was an arbitrary pointer dereference which allowed the attacker to control the src and dest pointers to a memcpy,” Stone detailed. “The ‘fix’ only changed the pointers to offsets, which still allows control of the args to the memcpy.”
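The bug class Stone describes, as an added illustration that is not Microsoft's code or the Project Zero PoC: a copy whose source and destination come from sender-controlled offsets stays unsafe until both ranges are bounds-checked against the buffer. The struct and function names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed message layout: every field is chosen by the sender. */
struct copy_req { uint64_t src_off, dst_off, len; };

/* Offsets-only pattern: no raw pointers in the message any more, but
 * base + untrusted offset can still resolve to any address. Shown for
 * contrast only; it is never called in this example. */
void copy_offsets_only(uint8_t *base, const struct copy_req *r) {
    memcpy(base + r->dst_off, base + r->src_off, r->len);
}

/* True only if [off, off + len) lies inside [0, size), without ever
 * computing off + len (which could wrap around). */
static int range_ok(uint64_t off, uint64_t len, uint64_t size) {
    return off <= size && len <= size - off;
}

/* Hardened handler: validate both ranges before touching memory.
 * Returns 0 on success, -1 if the request is rejected. */
int copy_checked(uint8_t *base, size_t size, const struct copy_req *r) {
    if (!range_ok(r->src_off, r->len, size) ||
        !range_ok(r->dst_off, r->len, size))
        return -1;
    /* memmove because the two validated ranges may overlap. */
    memmove(base + r->dst_off, base + r->src_off, r->len);
    return 0;
}

int main(void) {
    uint8_t buf[16] = "ABCDEFGH";                      /* constructed sample */
    struct copy_req inside  = { 0, 8, 4 };              /* stays in buffer    */
    struct copy_req outside = { 0, 1u << 20, 4 };       /* dst far past end   */
    struct copy_req wrap    = { UINT64_MAX - 1, 0, 4 }; /* off + len wraps    */
    printf("inside:  %d\n", copy_checked(buf, sizeof buf, &inside));
    printf("outside: %d\n", copy_checked(buf, sizeof buf, &outside));
    printf("wrap:    %d\n", copy_checked(buf, sizeof buf, &wrap));
    return 0;
}
```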

The newly reported elevation of privilege flaw, identified as CVE-2020-17008, is expected to be resolved by Microsoft on January 12, 2021, due to “issues discovered in testing” after promising an initial fix in November.

Stone has also shared proof-of-concept (PoC) exploit code for CVE-2020-17008, based off of a PoC released by Kaspersky for CVE-2020-0986.

“There have been too many occurrences this year of zero-days known to be actively exploited being fixed improperly or incompletely,” Stone said. “When [in the wild] zero-days are not fixed completely, attackers can reuse their knowledge of vulnerabilities and exploit techniques to easily build new 0-days.”



Some parts of this article are sourced from:
thehackernews.com
