image credit: pixabay
Microsoft fixed a zero-day vulnerability in June 2020, but the company did a poor job. Security researchers from Google’s Project Zero showed that attackers could still use the zero-day, despite the patch.
Since zero-day exploits are a serious matter, most of the time, companies quickly release a patch. The June 2020 patch for Windows 8.1 and 10 covered the zero-day CVE-2020-0986 vulnerability, or at least that was the plan.
“An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory,” reads the vulnerability. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
