As reported by colleagues at TheHackerNews, Google's Project Zero team has published details of an improperly fixed zero-day vulnerability in the Windows Print Spooler API that could be exploited to execute arbitrary code.
Maddie Stone, researcher at Google Project Zero, said:
The vulnerability still exists, only the method of exploitation has changed. The original problem was caused by an arbitrary pointer dereference that allowed the attacker to control the src and dest pointers to a memcpy. The 'fix' simply changed the pointers to offsets, which still allows argument checking on the memcpy.
Originally tracked as CVE-2020-0986, the bug is an elevation-of-privilege flaw in the GDI Print API / Print Spooler (“splwow64.exe”) and was reported to Microsoft by an anonymous researcher working with Trend Micro's Zero Day Initiative (ZDI) at the end of December 2019.
“splwow64.exe” is a Windows system binary that allows 32-bit applications to talk to the 64-bit print spooler service on 64-bit Windows systems. It implements a Local Procedure Call (LPC) server that other processes can use to access print functions.
Successful exploitation of this vulnerability could let an attacker manipulate the memory of the splwow64.exe process “to achieve arbitrary code execution in kernel mode, eventually using it to install malicious programs, view, modify or delete data, or create new accounts with full user rights.”
Although Microsoft addressed the problem as part of its “June Patch Tuesday” update, new findings from Google's security team reveal that the bug has not been completely eliminated.
According to the latest information, Microsoft is expected to fully fix the problem, now identified as CVE-2020-17008, on January 12, 2021, after the release of the patch was postponed due to “problems identified during testing”.
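As an added illustration (not splwow64 code and not taken from Project Zero's report), the following constructed C handler shows why swapping raw pointers for offsets, as the article says the first fix did, is not enough on its own: the offsets and the length must be bounds-checked before they reach the copy. The message layout, function names and 64-byte buffer are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed request shape (not splwow64's real message format): the caller
 * supplies offsets into a shared buffer rather than raw pointers. */
typedef struct {
    uint32_t src_off;   /* caller-controlled source offset      */
    uint32_t dst_off;   /* caller-controlled destination offset */
    uint32_t len;       /* caller-controlled byte count         */
} copy_request_t;

/* True only when [off, off + len) lies inside a buffer of buf_size bytes.
 * Widening to 64 bits first means off + len cannot wrap around. */
static bool range_in_bounds(uint32_t off, uint32_t len, size_t buf_size)
{
    return (uint64_t)off + (uint64_t)len <= (uint64_t)buf_size;
}

/* Replacing pointers with offsets, as the article says the first fix did,
 * does not by itself constrain the copy: both offsets and the length must
 * be validated against the buffer the caller may touch before memcpy runs.
 * Returns 0 on success, -1 if the request is rejected. */
int handle_copy_request(uint8_t *buf, size_t buf_size, const copy_request_t *req)
{
    if (!range_in_bounds(req->src_off, req->len, buf_size)) return -1;
    if (!range_in_bounds(req->dst_off, req->len, buf_size)) return -1;
    memmove(buf + req->dst_off, buf + req->src_off, req->len); /* overlap-safe */
    return 0;
}

/* Constructed sample cases on a 64-byte buffer. */
int demo_in_bounds_copy(void)      /* 1 if the marker byte arrived at offset 32 */
{
    uint8_t buf[64] = {0};
    buf[0] = 0xAB;
    copy_request_t r = {0, 32, 8};
    return handle_copy_request(buf, sizeof buf, &r) == 0 && buf[32] == 0xAB;
}

int demo_rejects_overlong(void)    /* dst 60 + len 8 runs past the 64th byte */
{
    uint8_t buf[64] = {0};
    copy_request_t r = {0, 60, 8};
    return handle_copy_request(buf, sizeof buf, &r);
}

int demo_rejects_wraparound(void)  /* a 32-bit src + len sum would wrap to 8 */
{
    uint8_t buf[64] = {0};
    copy_request_t r = {0xFFFFFFF8u, 0, 16};
    return handle_copy_request(buf, sizeof buf, &r);
}
```

The wraparound case is the one a naive 32-bit `off + len <= size` check would let through, which is why the comparison is done in 64 bits.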