Security Experts:

Connect with us

Hi, what are you looking for?



Researchers Divulge Details on Five Windows Zero Days

Zero Day Initiative Researchers Publish Five Windows Zero Days

Zero Day Initiative Researchers Publish Five Windows Zero Days

Security researchers working with Trend Micro’s Zero Day Initiative (ZDI) have published information on five unpatched vulnerabilities in Microsoft Windows, including four considered high risk.

Tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915, and featuring a CVSS score of 7.0, the first three of these zero-day vulnerabilities could allow an attacker to escalate privileges on the affected system. 

The security flaws were identified in the user-mode printer driver host process splwow64.exe, and exists because user-supplied input isn’t properly validated before being dereferenced as a pointer. 

Adversaries looking to exploit these security flaws would first need to gain low privilege access to the system. Successful exploitation would allow them to execute code in the context of the current user at medium integrity. 

The same user-mode printer driver host process splwow64.exe was also found vulnerable to a low severity information disclosure bug. Tracked as CVE-2020-0915 and featuring a CVSS score of 2.5, the issue results from the same lack of validation of a user-supplied value before being dereferenced as a pointer.

Microsoft was informed on the existence of these vulnerabilities in December 2019 and was aiming to release a patch on May 2020 Patch Tuesday, but missed the deadline. Only beta fixes were provided to the security researchers, for testing. 

Also featuring a CVSS score of 7.0 and allowing attackers to escalate privileges is a vulnerability in the handling of WLAN connection profiles that has no CVE identifier.  

“By creating a malicious profile, an attacker can disclose credentials for the machine account. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of an administrator,” ZDI explains

The security researchers also revealed that Microsoft was informed on the vulnerability in January, but said that a patch won’t be released for the issue. 

Related: Windows Vulnerabilities Exploited for Code Execution, Privilege Escalation

Related: Researcher Finds New Class of Windows Vulnerabilities

Related: SMBGhost Vulnerability Allows Privilege Escalation on Windows Systems

Related: NSA Discloses Serious Windows Vulnerability to Microsoft

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet