TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Google Project Zero has disclosed unpatched Windows 0-day vulnerability

Google’s Project Zero team has shared information on a zero-day security vulnerability CVE-2020-0986 that affects systems running Microsoft Windows. The Project Zero team is known for crawling the cyberspace for potential vulnerabilities and making organizations and people aware of those vulnerabilities.

Microsoft Security Patch June 2020

Google on Microsoft Windows vulnerability

According to the reports, Project Zero intimated Microsoft about the vulnerability on September 24, but the company has failed to release an effective patch so far. It basically puts all Windows users at risk.

The history of the patch goes way further than September 24, though. According to cybersecurity experts, an anonymous user reported this Windows vulnerability in December 2019. Throughout the past year, several security firms and experts talked about the issue. It was known that the vulnerability is making use of a privilege exploit in the GDI Print/Print Spooler API.

More importantly, an attacker could leverage this vulnerability to run arbitrary code on the victim’s computer or even make system-level changes. Judging the impact this vulnerability could cause on a Windows 10 or earlier PC, it is surprising that Microsoft hasn’t released a patch for the issue so far.

In between discovering the vulnerability in December 2019 and the public announcement in December 2020, ZDI also released a zero-day advisory to the customers. This, however, was followed by a series of attacks that focused on a South Korean company. The hacking campaign was called Operation PowerFall, an attack that Kaspersky technology prevented.

Following the issue, Kaspersky shared the info with Microsoft in June 2020 as well. Although the company released a patch in July 2020, it was not effective in dealing with the problem. It means the vulnerability is still unpatched.

Considering that the Project Zero team has discussed the problem in detail, we should soon expect a proper Microsoft response. If not an instant patch, the company would tell users how to protect their computers from the 0-day bug until the backdoor can be closed, once and for all.

It is still unclear why Microsoft did not address the problem within a 90-day window.

Updated on Tags:

TanmayPatange@TWCN

Tanmay loves writing about Technology, Internet, Apps, Social Media, and Cybersecurity. He also tracks OTT video content streaming space and likes to spend his weekends watching plays. You can contact him on Twitter @techtsp.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap