by Jordi Bercial 24 / 12 / 2020 …

Google Project Zero, the Google program dedicated to finding vulnerabilities in different software, has released the details of a zero-day security vulnerability in which a malicious actor could execute arbitrary code through the Windows spooler API.

This vulnerability, named CVE – 2020 – 829 , focuses on a splwow file vulnerability 64. exe on Windows that allows an attacker to execute arbitrary code in kernel mode on the computer the file is running on, so that it could be chained with malware to take control system ol.

Originally, Windows released a patch for this vulnerability, but several researchers have cataloged it botched, because this patch does not prevent or hinder the use of this vulnerability or make it disappear , so it was mainly used to “Shut up” Google.

After about 6 months without an appropriate solution and exploiting the vulnerability to attack a South Korean company, finally all the information is coming to light to try that, somehow, Microsoft take this vulnerability seriously and patch it properly, as it is a significant security risk that should not have been overlooked by Microsoft’s security team after being warned.

End of Article. Tell us something in the Comments or come to our Forum!

Jordi Bercial

Avid enthusiast of technology and electronics . I messed around with computer components almost since I learned to ride. I started working at Geeknetic after winning a contest on their forum for writing hardware articles. Drift, mechanics and photography lover. Don’t be shy and leave a comment on my articles if you have any questions.