A high-severity Windows zero-day allows an attacker to install programs and gain administrative privileges, including the ability to view, change, and delete data. It can lead to a complete desktop takeover and is located in the Print Spooler API. The critical flaw remains dangerous because Microsoft failed to patch it effectively: although the tech giant released a fix for the high-severity vulnerability, researchers have found that the patch did not properly secure devices and that the bug can still lead to remote code execution and privilege escalation.
The issue lies in how the Windows kernel handles objects in memory, according to Microsoft. An attacker could run arbitrary code in kernel mode, giving them the ability to install programs and to view, change, or delete data. Microsoft issued an advisory for the flaw in June; however, the issue is being revisited because the original patch was inadequate, even after the flaw had already been left unfixed for six months. During this time, Kaspersky observed the vulnerability being exploited in the wild, in one instance against a South Korean company in May.
Read More: Windows Zero-Day Still Circulating After Faulty Fix