Your Windows 10 PC/laptop has five unpatched critical zero-day vulnerabilities

0

Windows 10 PC/laptops have five critical privilege escalation Zero-day flaws which have not yet been patched by Microsoft

We have already written how Microsoft engineers are fighting against time to fix the DISM zero-day in Windows 10. The deployment image servicing and management (DISM) tool is used to repair corruption on Windows 10 systems and does not always report the correct corruption status and can be used by wannabe hackers for malicious purposes.

Now Trend Micro’s Zero Day Initiative has made public five more critical zero-day flaws in the Windows 10 operating system that has not been patched by the Redmond based company. The vulnerabilities are as follows :

Four vulnerabilities listed above are classified as very critical. Three of the vulnerabilities already have vulnerability identifiers as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915. This indicates the zero-days are highly-severe and can be used by potential hackers to gain privilege access to the Windows 10 PC/laptop.

One of the vulnerabilities listed by the Zero Day Initiative has existed on Windows devices since time immemorial. It is called the PrintDemon vulnerability and has been explained by Microsoft as,

Windows Print Spooler Elevation of Privilege Vulnerability- An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.

The fifth zero-day vulnerability disclosed by Trend Micro’s Zero Day Initiative (ZDI) is a privilege escalation vulnerability in the handling of WLAN connection profiles.

According to reports, all these vulnerabilities could remain unpatched even in the Windows 10 May 2020 mega update. ZDI has already informed Microsoft about these vulnerabilities but they have remained unpatched so far. These vulnerabilities have already made Microsoft push the Windows 10 May 2020 update date from the earlier May 10 to the present May 26. It remains to be seen whether Microsoft pushes the date further into June. It would be an irony to release May 2020 updated in June!

Share.

About Author

"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had." Eric Schmidt

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments