That’s what has happened again: a serious flaw in Windows has been made public before Microsoft has definitively fixed it. The flaw affects all versions of Windows that are still supported and allows an attacker to steal data from operating system memory. The vulnerable component is the gdi32.dll file.

The disclosure does not conflict with the rules of Project Zero, as 90 days have passed since the flaw was reported to Microsoft, which has not yet definitively solved it. Microsoft had already released a fix for the problem, but it apparently did not fully resolve the flaw. Google's last notification was made on November 16, and it showed that the crash was still present in the GDI library. With the three-month deadline expired, Google has made the flaw public.

Although the flaw is serious, it is not expected, for now, to be exploited on a massive scale, since stealing the data requires physical access to the machines. It is, however, only natural to expect that Microsoft will correct this flaw soon, before more sophisticated ways of exploiting it are discovered.

The situation is similar to what happened in November 2016, when Google revealed another flaw in Windows, though in that case only ten days after it was discovered and Microsoft was notified. With the release of security updates delayed until next month, it is now expected that, under pressure from Google, this issue will have to be resolved as soon as possible.
