A zero-day vulnerability in Microsoft Corporation’s Windows system poses a significant security threat to all its users. The Project Zero team searches for vulnerabilities and makes organizations and people aware of these threats.
The history of this vulnerability goes back to December 2019, when a user reported the threat. Windows released a patch in July 2020 following the report. However, the patch was not effective in dealing with the vulnerability, which remains unpatched to date.
Google’s Project Zero team informed Microsoft about a high-severity zero-day vulnerability (CVE-2020-0986) in the Windows system three months ago, but the company failed to release an effective patch.
Over the past few weeks, users have reported that a bug in the December 2020 Windows update has broken the Check Disk feature, one of the most useful Windows command-line system features. The zero-day vulnerability involves a privilege exploit in the GDI Print/Print Spooler API. An attacker could exploit it to run arbitrary code on a victim’s computer and make system-level changes. It puts all Windows users at risk.
In 2014, Microsoft reduced the number of employees on its testing team and started using virtual machines to test updates. Microsoft’s insider team, a group of tech enthusiasts, was also created to beta test updates and provide feedback. But this approach seems to have increased the number of bugs and security threats in the Windows system.