Google’s Christmas present to Microsoft: a high severity elevation of privilege flaw in Windows 10

Google’s Project Zero has released proof of concept code for a high severity elevation of privilege flaw in Windows 10.


The flaw involves the Windows process splwow64.exe: Google found that a malicious process can send Local Procedure Call (LPC) messages to splwow64.exe, through which an attacker can write an arbitrary value to an arbitrary address in splwow64’s memory space.

Microsoft in fact patched the flaw in June, but Google says Microsoft’s patch was incomplete. Microsoft had apparently changed the pointers to offsets, meaning the flaw can still be exploited using the offset value.
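Why swapping a pointer for an offset does not close this class of bug, as an added example: a simplified model written for this page, not code from splwow64, Microsoft or Project Zero. The msg_t layout, REGION_SIZE and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a message-driven write; NOT splwow64's real code. */
#define REGION_SIZE 64u

typedef struct {
    uint64_t dst_offset;  /* sender-controlled; stands in for the old raw pointer */
    uint32_t len;         /* sender-controlled */
    uint8_t  data[16];
} msg_t;

/* Incomplete fix: the pointer became an offset, but nothing bounds it.
 * Returns the address a write would land on; no write is performed here. */
uintptr_t resolve_unchecked(uintptr_t base, const msg_t *m) {
    return base + (uintptr_t)m->dst_offset;  /* unsigned wrap reaches below base too */
}

/* True if addr lies inside [base, base + REGION_SIZE). */
bool in_region(uintptr_t base, uintptr_t addr) {
    return (uintptr_t)(addr - base) < REGION_SIZE;
}

/* Complete fix: reject any offset/length pair that leaves the region.
 * The subtraction form avoids integer overflow in offset + len. */
bool write_checked(uint8_t *region, const msg_t *m) {
    if (m->len > sizeof m->data) return false;
    if (m->dst_offset > REGION_SIZE) return false;
    if (m->len > REGION_SIZE - m->dst_offset) return false;
    memcpy(region + m->dst_offset, m->data, m->len);
    return true;
}

int main(void) {
    uint8_t region[REGION_SIZE] = {0};
    uintptr_t base = (uintptr_t)region;
    msg_t ok  = { .dst_offset = 60, .len = 4, .data = {1, 2, 3, 4} };
    msg_t bad = { .dst_offset = (uint64_t)-8, .len = 4, .data = {1, 2, 3, 4} };
    printf("unchecked stays in region: ok=%d bad=%d\n",
           in_region(base, resolve_unchecked(base, &ok)),
           in_region(base, resolve_unchecked(base, &bad)));
    printf("checked write accepted:    ok=%d bad=%d\n",
           write_checked(region, &ok), write_checked(region, &bad));
    return 0;
}
```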

Google disclosed the issue to Microsoft on September 24th, and, after missing a November Patch Tuesday, Microsoft failed to patch it within 90 days (i.e. today), leading to the disclosure.

Details regarding the exploit can be found on the Project Zero blog. Microsoft currently plans to patch the flaw on 12th January 2021.
