Google releases exploit code for just-patched Windows 10 Remote Code Execution bug

by Surur
February 28, 2021

Better make sure your Windows 10 patches are up to date, as Google’s Project Zero has just released Proof of Concept code for a just-patched Windows 10 flaw which can be exploited by simply visiting a web page.

The issue is a flaw in Microsoft DirectWrite, the Windows font renderer, which is also used in all browsers. Specially crafted TrueType fonts can cause it to corrupt memory and crash, which can then be used to run code at kernel privileges.

“Attached is the proof-of-concept TrueType font together with an HTML file that embeds it and displays the AE character,” Google noted. “It reproduces the crash shown above on a fully updated Windows 10 1909, in all major web browsers. The font itself has been subset to only include the faulty glyph and its dependencies.”

The flaw, written up as CVE-2021-24093, was just patched on the 9th February 2021, meaning any users who have delayed installing this month’s Cumulative Updates are still vulnerable.

Read more about the issue at Google here, and patch your computer by Checking for Updates in Settings.

via BleepingComputer
