HomeWinBuzzer NewsWindows 10 Vulnerability Found by Project Zero Gets Third Party Patch

Windows 10 Vulnerability Found by Project Zero Gets Third Party Patch

Third-party security group 0patch has issued a fix for a gdi32.dll vulnerability found in Windows 10. The flaw was discovered by Google Project Zero last month and will likely be solved by Microsoft’s March Patch Tuesday.

-

Project Zero has uncovered several vulnerabilities in services recently. We reported on a confusion flaw in Microsoft Edge, while Project Zero has also found a problem with . Microsoft has yet to patch these vulnerabilities, but the Windows 10 flaw has been solved by a third party.

As a recap, was created to find zero-day vulnerabilities in services. The company warns software providers of the flaw, giving them 90 days to solve it. When the 90 days pass, any unsolved vulnerabilities are made public.

The two flaws found in Microsoft services last month passed the limit without a fix. Google says Project Zero exists to promote openness and to push software providers to solve problems. In terms of the Windows 10 gdi32.dll vulnerability, the team said Microsoft was informed last year and an attempt to fix it did not work.

Third-party security firm 0patch has created a solution that could solve the issue. The group is a project create by ACROS Security experts and has built a patch for the memory disclosure bug. 0patch updates will move beyond this flaw and will be released when a vendor has yet to solve an issue.

The 0patch for the Windows 10 vulnerability is the first.

Microsoft Fix

Of course, the 0patch solution would be temporary until Microsoft issues its own fix. The most likely timeframe for an official patch is March 14, when Windows gets its monthly release.

“Microsoft will likely fix this issue with their next Patch Tuesday (March 14), so ours is the only patch available in the World until then. We'll also try to micropatch the other 0-day revealed by Google,” the group says.

The company suspended February's Patch Tuesday because of an unnamed flaw that could not be solved in time. While Microsoft has not said what the issue was, it could have been the Windows 10 problem found by Google Project Zero.

Source0patch
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News