Google Again Disclosed A Vulnerability That Microsoft Failed To Patch

A few months back, Google disclosed a critical Windows vulnerability to the public just ten days after revealing the flaw to Microsoft.

Now Google’s Project Zero has again publicly published a vulnerability (with a PoC exploit) after Microsoft failed to patch the flaw Google had reported. This vulnerability can affect operating systems from Windows Vista Service Pack 2 to the newest Windows 10.

Google Project Zero member Mateusz Jurczyk reported a bug in the Windows Graphics Device Interface (GDI) library to the Microsoft security team on 9th of June last year. The vulnerability affects any program that uses the library and lets attackers steal information from memory. After the report, Microsoft released a patch for the GDI vulnerability, but the patch did not fix all the issues, which forced Mateusz Jurczyk to report the bug to Microsoft again, with a proof of concept, on 16th November.

Statement: “As a result, it is possible to disclose uninitialized or out-of-bounds heap bytes via pixel colors, in Internet Explorer and other GDI clients which allow the extraction of displayed image data back to the attacker,” Jurczyk notes in the new report.

What is Google Project Zero?

Google Project Zero is a team of researchers, hackers and security analysts that focuses on finding vulnerabilities and reporting them to vendors, who are expected to patch the bug within 90 days from the date of discovery, after which it is disclosed in public. If the bug is not patched in that time, the company will automatically disclose the vulnerability publicly.

To exploit the vulnerability, attackers need to get access to the host machine, but Microsoft will have to release an emergency patch before attackers develop more malicious exploits.

If Microsoft does not provide an emergency patch within a month, this newly disclosed bug will be left open for hackers to use in the wild and can put users in danger. One of the best examples is when Russian hackers exploited the unpatched Windows kernel bug in the wild.

