Google’s Project Zero has released proof of concept code for a high severity elevation of privilege flaw in Windows 10.
The flaw involves the splwow64.exe Windows process: Google found that a malicious process can send Local Procedure Call (LPC) messages to splwow64.exe, through which an attacker can write an arbitrary value to an arbitrary address in splwow64’s memory space.
Microsoft did patch the flaw in June, but Google says the patch was incomplete. Microsoft had apparently changed the pointers to offsets, meaning the flaw can still be exploited using the offset value.
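Why swapping a pointer for an offset does not close this class of bug on its own, as an added example that is not Microsoft's or Project Zero's code: a constructed C model of a receiver that takes a destination offset and a value from a message. The message layout, region size and all function names are assumptions for illustration, and the unchecked path only computes the destination address without writing to it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REGION_SIZE 256u                 /* constructed size, not splwow64's */
static uint8_t g_region[REGION_SIZE];    /* stand-in for the receiver's buffer */

typedef struct {                         /* hypothetical message layout */
    uint64_t dst_offset;                 /* sender-controlled, relative to base */
    uint32_t value;                      /* sender-controlled */
} write_msg;

/* Offset-only handling: the destination is base + offset with no range check.
   The address is returned as an integer and never written through. */
static uintptr_t target_unchecked(const write_msg *m) {
    return (uintptr_t)g_region + (uintptr_t)m->dst_offset;
}

/* 1 if a len-byte access at addr stays inside g_region. */
static int in_region(uintptr_t addr, size_t len) {
    uintptr_t base = (uintptr_t)g_region;
    return addr >= base && addr - base <= REGION_SIZE - len;
}

/* Checked handling: reject unless [offset, offset+len) fits in the region.
   Comparing against REGION_SIZE - len avoids overflow in offset + len. */
static int handle_write_checked(const write_msg *m) {
    size_t len = sizeof m->value;
    if (m->dst_offset > REGION_SIZE - len) return -1;
    memcpy(g_region + m->dst_offset, &m->value, len);
    return 0;
}

/* Helpers taking plain values, so results are easy to inspect. */
int unchecked_escapes(uint64_t off) {
    write_msg m = { off, 0 };
    return !in_region(target_unchecked(&m), sizeof m.value);
}
int checked_result(uint64_t off, uint32_t val) {
    write_msg m = { off, val };
    return handle_write_checked(&m);
}

int main(void) {
    uint64_t offs[] = { 0, 252, 253, 0x10000, UINT64_MAX };  /* constructed */
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++)
        printf("offset %#llx: unchecked escapes=%d checked=%d\n",
               (unsigned long long)offs[i], unchecked_escapes(offs[i]),
               checked_result(offs[i], 0x41414141u));
    return 0;
}
```

An offset is still sender-controlled data, so the receiver has to bound it against the size of the region it indexes, including the wrap-around case where a very large offset lands below the base.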
Google disclosed the issue to Microsoft on September 24th, and, after missing a November Patch Tuesday, Microsoft failed to patch it within 90 days (i.e. today), leading to the disclosure.
Details regarding the exploit can be found on the Project Zero blog. Microsoft currently plans to patch the flaw on 12th January 2021.