Google reveals unpatched 0day vulnerability in Microsoft’s API


Apparently, Microsoft released a patch to fix the vulnerability in June, but it did not work the way it was supposed to, and the vulnerability remains unpatched to date.


While we expect large companies to deal with bugs effectively and patch them in time, sometimes they too can disappoint, which in Microsoft’s case is not surprising.


In the latest case, Google has publicly released the details of a zero-day vulnerability that Microsoft did not patch in time.


As for the backstory, an anonymous researcher reported the flaw, which concerned the Windows Print Spooler API, to Microsoft in December last year. The flaw allowed threat actors to execute arbitrary code in kernel mode, which could then be used to run malware on the victim’s machine, endangering their security.




A patch had still not been issued after 6 months, after which a public advisory was released on May 19th, 2020. This led to a threat actor exploiting the flaw in a series of attacks known as “Operation PowerFall.”




Microsoft finally released a patch in June, but apparently it did not work the way it was supposed to.


Keeping this in mind, google reveals unpatched vulnerability microsoft