Google has revealed Windows OS vulnerabilities that Microsoft has not fixed since this was reported by a Google researcher three months ago. This is the second time that Google found a security bug via its Project Zero research wing. The first time Google disclosed a Windows bug just over a week after informing Microsoft, which found the move "disappointing" and putting users at greater risk. Last week, Google made the announcement before Microsoft can patch it only because the three-month grace period has already lapsed.
The Windows OS bug in question has something to do with the Graphics Development Interface (GDI) library. The library allows applications to utilize the graphics and formatted text on both the local printer and video display. Google researcher Mateusz Jurczyk revealed that the vulnerabilities can be easily exploited by hackers in order to fetch information from the memory. This bug can potentially affect any program that accesses the library.
The said bug is actually a part of a collection of issues discovered in March 2016. Jurczyk initial report was sent to Microsoft on June 9, 2016, and the Redmond-based giant soon released a patch by June 15, Neowin has learned. However, not all Windows OS vulnerabilities were fixed as discovered again by the Google researcher who submitted his bug report on Nov. 16, 2016.
Three months after, Microsoft has not offered any fixes, which were expected to be included in their monthly patch update. Microsoft has deviated from its monthly schedule and delayed the patch update for this month. This move has alarmed a good number of users now exposed to potential attacks. However, there is no cause to panic yet as the Windows OS bug uncovered by Google entails physical access to the host system for potential attackers to perform an exploit.
Nonetheless, Microsoft still needs to act soon to beat the development of any advanced exploits that may happen anytime. The February 14 patch was not released with Microsoft saying that they have suffered "a last minute issue," ZDNet reported. Both the February and March security patches will be released by March 15 with Windows users hoping that the Windows 10 bugs will be resolved.
Microsoft usually releases patch updates on the second Tuesday of the month dubbed as the Patch Tuesday. This is a big event at Redmond where bug fixes and security updates are rolled out to all supported devices from Windows to Office. These are essential updates to fix any Windows OS bugs and other vulnerabilities like the Windows 10 mobile bug blamed for exposing users' photos.