Sunday, February 19, 2017

Google Outs Another Unpatched Windows Vulnerability

Apparently the Google Project Zero Team feels that it has given Microsoft more than enough time to fix this flaw so they went public with the details. The good news is that you can't exploit this flaw without direct access to your computer so the risk is fairly low.

Jurczyk reported the issue to Microsoft on November 16, 2016. Microsoft did not release a patch in time, which is why the system revealed the issue and the example exploit code. Good news for Windows users is that the issue should not be of major concern as it requires access to the machine to exploit the issue. Woody notes that an attacker would have to log on to the machine to execute a specially prepared EMF file to exploit the issue.