Zero Day Initiative Researchers Publish Five Windows Zero Days
Security researchers working with Trend Micro’s Zero Day Initiative (ZDI) have published information on five unpatched vulnerabilities in Microsoft Windows, including four considered high risk.
Tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915, and featuring a CVSS score of 7.0, the first three of these zero-day vulnerabilities could allow an attacker to escalate privileges on the affected system.
The security flaws were identified in the user-mode printer driver host process splwow64.exe, and exists because user-supplied input isn’t properly validated before being dereferenced as a pointer.
Adversaries looking to exploit these security flaws would first need to gain low privilege access to the system. Successful exploitation would allow them to execute code in the context of the current user at medium integrity.
The same user-mode printer driver host process splwow64.exe was also found vulnerable to a low severity information disclosure bug. Tracked as CVE-2020-0915 and featuring a CVSS score of 2.5, the issue results from the same lack of validation of a user-supplied value before being dereferenced as a pointer.
Microsoft was informed on the existence of these vulnerabilities in December 2019 and was aiming to release a patch on May 2020 Patch Tuesday, but missed the deadline. Only beta fixes were provided to the security researchers, for testing.
Also featuring a CVSS score of 7.0 and allowing attackers to escalate privileges is a vulnerability in the handling of WLAN connection profiles that has no CVE identifier.
“By creating a malicious profile, an attacker can disclose credentials for the machine account. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of an administrator,” ZDI explains.
The security researchers also revealed that Microsoft was informed on the vulnerability in January, but said that a patch won’t be released for the issue.
Related: Windows Vulnerabilities Exploited for Code Execution, Privilege Escalation
Related: Researcher Finds New Class of Windows Vulnerabilities
Related: SMBGhost Vulnerability Allows Privilege Escalation on Windows Systems
Related: NSA Discloses Serious Windows Vulnerability to Microsoft