Google reveals incorrectly patched Windows security vulnerability

Google's Project Zero team has released details of an improperly patched vulnerability in the Windows print spooler API, which attackers can use to execute arbitrary code.

Details of the incorrectly fixed bug were made public after Microsoft failed to fix it within 90 days of the official disclosure on September 24.

The flaw was originally tracked as CVE-2020-0986 and concerns an elevation-of-privilege exploit in the Windows print spooler API, which was reported to Microsoft in late December 2019 by an anonymous user working with Trend Micro's Zero Day Initiative.

With no patch available for nearly six months, Trend Micro's Zero Day Initiative published a public advisory on the flaw earlier this year.

The flaw was subsequently exploited in a campaign called Operation PowerFall against an unnamed South Korean company.

Successful exploitation of this vulnerability allows an attacker to manipulate the memory of the splwow64.exe process in order to execute arbitrary code in kernel mode, install malware, view, change or delete data, or create new accounts with full user rights.

Microsoft patched this flaw with an update issued in June, but new findings from Google's security team reveal that the bug was not fully fixed.

Maddie Stone, a researcher at Project Zero, said in a report: "The vulnerability still exists, but the method of exploitation has changed."

Microsoft is expected to fix the new issue, tracked as CVE-2020-17008, on January 12, 2021.

"There have been a very large number of incidents this year because of security vulnerabilities that are known to have been actively exploited after they were corrected incorrectly or incompletely," Stone said.

"When such vulnerabilities are not fully fixed, attackers can reuse their knowledge of vulnerabilities and methods of exploiting them to easily develop new vulnerabilities."
