Google experts publish exploit for critical bug in Windows 10

exploit for a bug in Windows 10
Written by Emma Davis

A team of information security specialists Project Zero from Google has published technical details and an exploit (PoC code) for exploiting a remote code execution critical bug in a graphical component of Windows 10.

Researchers have discovered a vulnerability (CVE-2021-24093) in DirectWrite – Microsoft’s application programming interface (API) for formatting text on the screen and rendering individual glyphs – Microsoft.

The issue affects multiple editions of Windows 10 and Windows Server older than version 20H2.

After the 90-day disclosure deadline, Project Zero released a PoC test code to exploit the vulnerability to reproduce the issue in browsers running on fully patched Windows 10 (1909) systems.

The DirectWrite API is used as the default font rasterizer in major web browsers such as Chrome, Firefox, and Edge to render web font glyphs.

Because browsers use the DirectWrite API to render fonts, attackers could exploit the vulnerability to cause a memory corruption state that could allow them to remotely execute arbitrary code on target systems.

When browsers display glyphs from web fonts, they pass on web font binary data to DirectWrite and execute it in their rendering processes. Thus, the possibility to leverage a memory corruption for code execution extends to a remote attacker on condition that such an attacker succeeds in steering the user to content that downloads and displays a malicious font.Google Project Zero researchers report.

Attackers can trick a victim into visiting websites with maliciously crafted TrueType fonts that cause a heap-based buffer overflow in the fsg_ExecuteGlyph API function.

The code corrupts subsequent structure members located further in the allocation, including pointers to other important data structures of the font. The memory corruption condition could be further leveraged to execute arbitrary code in the context of the DirectWrite client”, — said clinic representatives

Experts reported the issue to Microsoft Security Response Centre last November. The company released security updates to address this issue in February this year.

Let me also remind you that we reported that Google Project Zero warns that Fresh Windows LSASS Patch is Ineffective.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply