Google Project Zero has disclosed yet another Windows vulnerability that can lead to elevation of privilege. Microsoft had initially stated that it would not resolve it, but is now working on a fix.
Google’s Project Zero team is famous (or infamous, depending upon which side of the fence you are) for discovering vulnerabilities in the software developed by the company itself as well as those built by other firms. Its methodology involves identifying security flaws in software and privately reporting them to vendors, giving them 90 days to fix them before public disclosure. Depending upon the complexity of the fix required, it sometimes also offers additional days in the form of a grace period. The security team has discovered and disclosed multiple security flaws in the past few years following the respective vendor’s inability to patch them in a timely manner. This includes Qualcomm’s Adreno GPU drivers, Microsoft’s Windows, Apple’s macOS, and more.
