Researchers at Trend Micro Zero Day Initiative (ZDI) published information about five unpatched vulnerabilities in Windows, four of which are rated high risk.
Three zero-day vulnerabilities, which received the identifiers CVE-2020-0916, CVE-2020-0986 and CVE-2020-0915, scored 7 out of a possible 10 on the CVSS vulnerability rating scale. In essence, these three problems can allow an attacker to escalate their privileges on a vulnerable system to the level of the current user. Fortunately, attackers who decide to exploit these bugs will first have to gain low-privileged access to the target system.
The root of these problems lies in splwow64.exe, the user-mode printer driver host process: user-supplied input is not validated before a pointer is dereferenced.
The same process, splwow64.exe, is affected by yet another, less serious problem, tracked as CVE-2020-0915. The vulnerability scored only 2.5 points on the CVSS scale and also arises from a lack of proper validation of user-provided data.
Experts write that they notified Microsoft about these problems in December 2019, and the company intended to include patches for them in the May Patch Tuesday release. However, the company's engineers failed to meet this deadline. So far, only beta versions of the patches have been provided to the ZDI researchers for testing, and end users have not received fixes.
ZDI experts identified another vulnerability, which does not have a CVE identifier, in January this year. This bug also allows attackers to escalate their privileges and is related to how the system processes WLAN connection profiles. Researchers estimate this bug at about 7 points on the CVSS scale. In this case, too, the attacker will first have to gain access to the target system, and only then exploit the problem.
“By creating a malicious profile, an attacker can learn the credentials for a computer account. An attacker can use this vulnerability to increase their privileges and execute code in the context of an administrator,” the experts write.
Interestingly, Microsoft engineers do not intend to fix this problem at all, at least not in the near future.