Microsoft is working on developing comprehensive mitigation for a class of Windows bugs that have plagued the operating system for more than two decades.
Israeli security researcher Gil Dabah told ZDNet that a fix is currently in the works.
Earlier today, Dabah published proof-of-concept code and a report detailing 25 bugs, all exploiting variations on the same type of vulnerability.
Bug class impacts the old Win32k component
Dabah’s work expands on an attack surface in the Windows operating system that’s been known since the mid-90s. The vulnerability class impacts Win32k, a Windows component that manages the user interface on Windows 32-bit architectures, and the interactions between UI elements, drivers, and the Windows OS/kernel.
Today, the Win32k component still ships with Windows, even on 64-bit versions, where it acts as a legacy layer, allowing older apps to run on modern systems.
But the problem comes from how this component evolved. In