Google’s team of top security analysts, Project Zero, has disclosed a zero-day vulnerability in the graphics component of Microsoft Windows.
Microsoft was notified about the bug, which is said to have allowed criminals to attack an entire Windows fleet using nothing more than a TrueType font. The flaw resides in Microsoft DirectWrite, the Windows API for high-quality text rendering.
Project Zero issued its bug report on the problem, tracked as CVE-2021-24093, after Microsoft published the corresponding security update on February 9th, 2021, within the conventional 90-day disclosure deadline.
The report also describes how hackers remotely broke into Windows systems through the operating system’s DirectWrite API, which is used to render fonts in popular web browsers such as Google Chrome, Firefox, and Microsoft Edge.
“Attached is the proof-of-concept TrueType font together with an HTML file that embeds it and displays the AE character,” the researchers stated.
“It reproduces the crash shown above on a fully updated Windows 10 1909, in all major web browsers. The font itself has been subset to only include the faulty glyph and its dependencies.”
Consequently, Microsoft issued security updates addressing the vulnerability on all platforms in February, as part of its Patch Tuesday rollout.