Google Reveals Details of Recently Patched Windows Flaw

The Google Project Zero team disclosed the details of a recently fixed Windows flaw, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the DirectWrite user. Dominik Rottsches of Google and Mateusz Jurczyk of Google Project Zero discovered the flaw and reported it to Microsoft in November; the bug report was made public this week.

The vulnerability was fixed with the release of February 2021 Patch Tuesday updates.

Jurczyk and Rottsches described CVE-2021-24093 as a DirectWrite heap-based buffer overflow linked to the processing of a specially crafted TrueType font. They further explained that an attacker can trigger a memory corruption condition that can be exploited to execute arbitrary code in the context of the DirectWrite client. DirectWrite is a Windows API that supports measuring, drawing, and hit-testing of multi-format text.

The vulnerability affects the Windows graphics components and can be exploited by luring the victim to a website containing a specially crafted file set up to exploit it. The flaw received a CVSS score of 8.8, but Microsoft has rated it ‘critical’ for all affected operating systems; the list includes Windows 10, Windows Server 2016 and 2019, and Windows Server.

Google published the report reading, “we have discovered a crash in the DWrite!fsg_ExecuteGlyph function when loading and rasterizing a malformed TrueType font with a corrupted ‘maxp’ table. Specifically, it was triggered after changing the value of the maxPoints field from 168 to 0, and the maxCompositePoints value from 2352 to 3 in our test font. We believe that this causes an inadequately small buffer to be allocated from the heap.”
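The report's trigger is a `maxp` table that understates how many points the font's glyphs really contain. The following added example (not code from Project Zero or Microsoft) shows a defensive consistency check a font-ingestion pipeline could run: it compares the declared `maxPoints` with the largest point count found in the simple glyphs of `glyf`. The function names and the minimal sample font are constructed for illustration, and composite glyphs (`maxCompositePoints`) are not covered.

```python
import struct

def tables(font):
    """Map table tag -> table bytes, using the sfnt table directory."""
    count = struct.unpack_from(">H", font, 4)[0]
    out = {}
    for i in range(count):
        tag, _sum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if off + length > len(font):
            raise ValueError(f"table {tag!r} runs past end of file")
        out[tag.decode("latin-1")] = font[off:off + length]
    return out

def check_max_points(font):
    """Return (declared maxPoints, largest simple-glyph point count, consistent)."""
    t = tables(font)
    num_glyphs, max_points = struct.unpack_from(">HH", t["maxp"], 4)
    long_loca = struct.unpack_from(">h", t["head"], 50)[0] == 1
    fmt, scale = (">I", 1) if long_loca else (">H", 2)
    size = struct.calcsize(fmt)
    offs = [struct.unpack_from(fmt, t["loca"], i * size)[0] * scale
            for i in range(num_glyphs + 1)]
    actual = 0
    for start, end in zip(offs, offs[1:]):
        if end - start < 12:  # empty glyph, or too short to hold one contour
            continue
        contours = struct.unpack_from(">h", t["glyf"], start)[0]
        if contours > 0:  # simple glyph; composite glyphs (< 0) are not covered here
            last = struct.unpack_from(">H", t["glyf"], start + 8 + 2 * contours)[0]
            actual = max(actual, last + 1)
    return max_points, actual, actual <= max_points

def build_sample(max_points):
    """Constructed test input: four tables, one glyph with a single 4-point contour."""
    glyph = struct.pack(">hhhhhH", 1, 0, 0, 10, 10, 3) + b"\0\0"
    body = {
        "glyf": glyph,
        "head": bytes(50) + struct.pack(">hh", 0, 0),  # indexToLocFormat 0 (short)
        "loca": struct.pack(">HH", 0, len(glyph) // 2),
        "maxp": struct.pack(">IHH", 0x00010000, 1, max_points) + bytes(24),
    }
    directory, data, off = b"", b"", 12 + 16 * len(body)
    for tag, blob in body.items():
        directory += struct.pack(">4sIII", tag.encode(), 0, off, len(blob))
        data += blob
        off += len(blob)
    return struct.pack(">IHHHH", 0x00010000, len(body), 0, 0, 0) + directory + data

for declared in (168, 0):  # the maxPoints values named in the report
    print(declared, check_max_points(build_sample(declared)))
```

A pipeline using a check like this should reject the font when the third element is `False`, and should also treat a `struct.error` or `KeyError` raised while parsing as a rejection.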

Subsequently, the researchers tested their exploit on a fully patched Windows 10 in all major browsers and released a proof-of-concept (PoC) exploit.
