Google Project Zero discloses high severity elevation of privilege flaw in Windows

Google Project Zero is quite well-known for discovering vulnerabilities in the software developed by the company itself as well as those built by other firms. Its methodology involves identifying security flaws in software and privately reporting them to vendors, giving them 90 days to fix them before public disclosure. Depending upon the complexity of the fix required, it sometimes also offers additional days in the form of a grace period.

The security team has discovered and disclosed multiple security flaws in the past few years following the vendor’s inability to patch them in a timely manner. This includes Qualcomm’s Adreno GPU drivers, Microsoft’s Windows, Apple’s macOS, and more. Now, it has publicly disclosed a security bug in Windows which, if exploited, can lead to elevation of privilege.

We’ll try to spare you the nitty-gritty details as usual by presenting you a simplified meat-of-the-matter statement as follows: A malicious process can send Local Procedure Call (LPC) messages to the splwow64.exe Windows process, through which an attacker can write an arbitrary value to an arbitrary address in splwow64’s memory space. This essentially means that the attacker controls this destination address and any contents that get copied to it.

The flaw in question isn’t exactly new. In fact, a security researcher at Kaspersky reported it earlier this year and Microsoft patched it back in June. However, this patch has now been determined as incomplete by Google Project Zero’s Maddie Stone, who says that Microsoft’s fix only changes the pointers to an offset, which means that an attacker can still exploit it using the offset value.
The zero-day was reported privately to Microsoft by Google Project Zero on September 24, with the standard 90-day deadline set to expire on December 24. Microsoft initially planned to release a fix in November, but that release time frame then slipped to December. After that, it told Google that it had identified new problems in its testing, and it will now release a patch in January 2021.

On December 8, the two parties met to discuss progress and next steps, where it was determined that the 14-day grace period cannot be offered to Microsoft since the company plans to release the patch on Patch Tuesday on January 12, 2021, six days over the grace period deadline. Stone has stated that while she doesn’t think that an incomplete fix deserves a new 90-day deadline, this has still been followed as the default since Google’s current policies do not cover this use-case. The Project Zero team plans to revisit its policies again next year but has publicly disclosed the vulnerability with proof-of-concept code. The technical report is unclear which versions of Windows this affects, but Kaspersky’s report from a few months ago indicates that attackers have been using it to target new builds of Windows 10.

reference

content editor at zino.

۳ comments On Google Project Zero discloses high severity elevation of privilege flaw in Windows

  • I simply had to thank you so much once more. I do not know the things that I could possibly have undertaken without the entire concepts shared by you directly on such field. Entirely was a very difficult circumstance in my opinion, but looking at the very expert fashion you resolved that made me to leap for gladness. I’m just thankful for this guidance and pray you realize what a great job you’re providing teaching the mediocre ones using your blog post. I am sure you’ve never got to know any of us.

  • Thank you a lot for providing individuals with an extraordinarily spectacular possiblity to check tips from this website. It really is so sweet plus full of amusement for me and my office peers to search the blog really three times every week to see the new guides you will have. Not to mention, I’m so at all times astounded with your perfect tips and hints you give. Some 4 tips in this article are indeed the simplest we’ve ever had.

  • I have to show my affection for your kindness giving support to those individuals that need guidance on your study. Your real dedication to getting the message along has been surprisingly good and has continuously helped somebody just like me to reach their objectives. The invaluable guideline signifies so much to me and even more to my office colleagues. Thank you; from each one of us.

Leave a reply:

Your email address will not be published.

Site Footer

Sliding Sidebar

Categories