Google release exploit code for just patched Windows 10 Remote Code Execution bug

Home » Google

Reading time icon 2 min. read

Calendar icon Published on

by Surur Davids 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

network hacked

Better make sure your Windows 10 patches are up to date, as Google’s Project Zero has just released Proof of Concept code for a just-patched Windows 10 flaw which can be exploited by simply visiting a web page.

The issue is a flaw in Microsoft DirectWrite, the Windows font renderer which is also used in all browsers, and which is vulnerable to specially-crafted TrueType fonts which can cause it to corrupt memory and crash, which can then be used to run code at kernel privileges.

“Attached is the proof-of-concept TrueType font together with an HTML file that embeds it and displays the AE character,” Google noted. “It reproduces the crash shown above on a fully updated Windows 10 1909, in all major web browsers. The font itself has been subset to only include the faulty glyph and its dependencies.”

The flaw, written up as CVE-2021-24093, was just patched on the 9th February 2021, meaning any users who have delayed installing this month’s Cumulative Updates are still vulnerable.

Read more about the issue at Google here, and patch your computer by Checking for Updates in Settings.

via BleepingComputer

Surur Davids

Surur Davids Shield

Smartphone Expert

Surur Davids is the founder of WMPoweruser which later became MSPoweruser.com. He's a smartphone expert with over a decade of experience.

User forum

0 messages