Google revealed a vulnerability in the Win10 system that could allow users to authorize malicious software to access the kernel without their knowledge, thereby subjecting them to hacker attacks. This vulnerability comes from the Windows font renderer Microsoft DirectWrite.
This font renderer is used by mainstream web browsers like Chrome, Firefox, and Edge as the default font rasterizer for rendering web font glyphs. It is easily damaged by specially-made TrueType fonts, causing its memory to be damaged and crashed.
Then malicious programs can be used to gain access to the kernel, and hackers can also remotely perform arbitrary operations on the target system. Google’s Project Zero researchers discovered this vulnerability in a text rendering API called Microsoft DirectWrite.
Microsoft DirectWrite heap-based buffer overflow in fsg_ExecuteGlyph while processing variable TTF fonts https://t.co/EM4zxsIXwK
— Project Zero Bugs (@ProjectZeroBugs) February 24, 2021
The database code of the defect is CVE-2021-24093. They reported the vulnerability to the Microsoft Security Response Center in November. Microsoft launched a security update on February 9 to resolve this issue on all vulnerable platforms. The security vulnerability affects multiple versions of Windows 10 and Windows Server, up to the latest version 20H2.
An attacker can use CVE-2021-24093 to trigger a buffer overflow in the fsg_ExecuteGlyph API function by inducing a target user to visit a website with a maliciously crafted TrueType font, thereby gaining access to the Windows kernel. Microsoft users perform security updates to avoid attacks from malicious sites or software.
