The original issue was an arbitrary pointer dereference which allowed the attacker to control the src and dest pointers to a memcpy. The "fix" simply changed the pointers to offsets, which still allows control of the args to the memcpy.
— Maddie Stone (@maddiestone) December 23, 2020
In May, Kaspersky (@oct0xor) discovered CVE-2020-0986 in Windows splwow64 was exploited itw as a 0day. Microsoft released a patch in June, but that patch didnt fix the vuln. After reporting that bad fix in Sept under a 90day deadline, it's still not fixed. https://t.co/WDGNs3JGka
— Maddie Stone (@maddiestone) December 23, 2020
A good question: What happens when incentives to fix vulnerabilities become internally misapplied or mistranslated (due, possibly, to competing internal incentives) and fail to solve the original problem? https://t.co/oTixOY1ST9
— Jeffrey Vagle (@jvagle) December 23, 2020
Google hackers disclose exploit for an UNPATCHED Windows #vulnerability (CVE-2020-0986) that was exploited as 0-day in the wild, for which #Microsoft issued an incomplete patch and then failed to patch it again under the 90-day deadline.
— The Hacker News (@TheHackersNews) December 24, 2020
Read — https://t.co/OavsIXs2QY#infosec
Windows zero-day with bad patch gets new public exploit codehttps://t.co/CpNWqnuMjY
— Sami Laiho (@samilaiho) December 25, 2020
구글 제로데이팀, MS가 6월에 해결했다라고 밝힌 권한상승 취약점이 해소되지 않았다고 공개. MS는 다음 패치 화요일에 패치한다는 입장. https://t.co/HHRMYBQEWZ
— 푸른곰 (@purengom) December 26, 2020
? Windows zero-day with bad patch gets new public exploit code#windows #microsoft #CyberSecurity #zeroday #0day https://t.co/El8MKFfa8a
— Dr. ir Johannes Drooghaag (JD) ? (@DrJDrooghaag) December 24, 2020
Windows zero-day with bad patch gets new public exploit code#cybersecurity #riskmanagement #phishing #malware #Infosec #cyberthreats #ramsomware #hacking #dataprotection #privacy#dataleak #informationsecurity #cyberattacks #databreach
— Paula Piccard ?? ?? (@Paula_Piccard) December 24, 2020
https://t.co/ZLnEIiWqc2 pic.twitter.com/bWgKmb9cAR
Windows zero-day (CVE-2020-0986) actively exploited in May got a bad patch in June.
— ?Sergiu Gatlan (@serghei) December 23, 2020
Now it got a new CVE (CVE-2020-17008) and it's still exploitable (public exploit code available).
Microsoft says that a patch will be released after January 6, 2021.https://t.co/JbdwPys7vs
Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug https://t.co/zGt2RMrUDw
— CYBER OSINT (@Cyber_O51NT) December 25, 2020
#CyberSecurity #infosec Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug https://t.co/2jpE0Qmby3
— Josué Zamora (@jos1727) December 24, 2020
Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug#cybersecurity #riskmanagement #phishing #malware #Infosec #cyberthreats #ramsomware #hacking #dataprotection #privacy#dataleak #informationsecurity #cyberattacks #databreachhttps://t.co/z3gZ3jXP7V pic.twitter.com/dDWl9YWMgH
— Paula Piccard ?? ?? (@Paula_Piccard) December 24, 2020
Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug https://t.co/tTzNuNlOdh #programming #softwareengineering #bigdata #datascience #analytics #ai #python #javascript
— Lewis Gavin (@GavLaaaaaaaa) December 25, 2020
#Google hackers disclose exploit for an UNPATCHED Windows #vulnerability (CVE-2020-0986) that was exploited as 0-day in the wild, for which #Microsoft issued an incomplete patch and then failed to patch it again under the 90-day deadline.
— Anonymous??️ ?? (@YourAnonRiots) December 24, 2020
https://t.co/5qK5OnmnBj#infosec
#Security via @threatpost: Windows Zero-Day Still Circulating After Faulty Fix https://t.co/53zBUXEyPp #cybersecurity @drjdrooghaag @fabriziobustama @robmay70 @IanLJones98 @NigelTozer @antgrasso @AkwyZ
— Bill Mew #DigitalEthics #TrustinTech #BLM (@BillMew) December 25, 2020
Windows Zero-Day Still Circulating After Faulty Fix https://t.co/ka8JORo6RF
— Nicolas Krassas (@Dinosn) December 24, 2020
Windows Zero-Day Still Circulating After Faulty Fix https://t.co/vnGrRJBWxV #infosec #threats #0day
— ⓃⓄⓉTruppi (@NotTruppi) December 25, 2020
Windows Zero-Day Still Circulating After Faulty Fix https://t.co/d9FB19KkAz #news
— packet storm (@packet_storm) December 24, 2020
Windows: splWOW64 Elevation of Privilege https://t.co/UUgvJ9Hc2J
— Project Zero Bugs (@ProjectZeroBugs) December 23, 2020
CVE-2020-17008 Windows: splWOW64 Elevation of Privilege
— Jas502n (@jas502n) December 24, 2020
POC:https://t.co/jCXljAqRYE
以前DarkHotel関連で使われてたと言われていたCVE-2020-0986の修正が不十分で、Project ZeroがMSに報告するも未修正のまま90日ルールにより詳細を公開したようです...
— Autumn Good (@autumn_good_35) December 24, 2020
CVE-2020-17008
Issue 2096: Windows: splWOW64 Elevation of Privilegehttps://t.co/CKaJxyQvMy
?The #vulnerability lets attackers execute arbitrary code in kernel mode which could then be used to run #malware on the victim's machine.
— Anonymous??️ ?? (@YourAnonRiots) December 25, 2020
https://t.co/qCt1AdVrEE#Security #Microsoft #Google #0day #InfoSec