Google recently discovered a vulnerability in Win10 that could allow users to authorize malware to access the kernel without their knowledge, thereby exposing them to hacking attacks. This vulnerability originates from the Windows font renderer, Microsoft DirectWrite.
This font renderer is used by major web browsers such as Chrome, Firefox, and Edge as the default font rasterizer for rendering web font glyphs. It is easily corrupted by custom-made TrueType fonts, causing it to crash and corrupt its memory. Malware can then gain access to the kernel. This will allow hackers to remotely perform arbitrary operations on the target system.
[Google Discovers Win10 Vulnerabilities: Hackers Can Launch Attacks Using Web Fonts] Google's Project Zero researchers discovered this vulnerability in a text rendering API called Microsoft DirectWrite. The flaw database code is CVE-2021-24093. They reported the vulnerability to Microsoft's Security Response Center in November. Microsoft released a security update on February 9 to address this issue on all vulnerable platforms. The security vulnerability affects multiple versions of Windows 10 and Windows Server, up to the latest version 20H2.
An attacker could use CVE-2021-24093 to trigger a buffer overflow in the fsg_ExecuteGlyph API function, causing a target user to visit a website with a maliciously crafted TrueType font, thereby gaining access to the Windows kernel.
We recommend that all Microsoft users perform security updates to avoid attacks from malicious sites or software.
Microsoft is releasing Windows 10 21H1 preview and here is the list of new features
Microsoft released the first preview of Windows 10 version 21H1, and just a couple of days ago the company confirmed the existence of this update. This is a minor update and does not include any major features. We'll probably see the main features of the larger 21H2 update.
List of changes:
- Windows Hello multi-camera support, allowing users to prioritize the external camera when using high-end displays with built-in cameras.
- Windows Defender Application Guard performance improvements, including document open script timing optimizations.
- Fixed an issue that caused a delay of one minute or more when you open a Microsoft Defender Application Guard (WDAG) Office document. This occurs when you try to open a file using a Universal Naming Convention (UNC) path. This also happens when trying to share a server message block (SMB) link.
- Improved Robocopy performance when copying files larger than 400MB.
- Fixed an issue where the WDAG container was using almost 1 GB of memory when the container was not running.
- Windows Management Services (WMI) Group Policy Service (GPSVC) updates with performance improvements to support remote work scenarios.
- Fixed an issue that caused an Active Directory (AD) administrator to make changes to the membership of users or computers to propagate slowly. Although the access token is updated over time, these changes are not reflected when an administrator uses gpresult /r or gpresult /h to generate a report.
