This time, it’s not from a lack of trying on Microsoft’s part. The Redmond giant assured Google that the exploit was fixed in June’s ‘Patch Tuesday’ but it now it now appears it wasn’t entirely resolved. “MSRC has indeed confirmed that the fix released on June Patch Tuesday is incorrect and doesn’t resolve the bug properly,” said a Project Zero spokesperson today. “As such, the vulnerability still reproduces on Windows 7-10 with the original proof-of-concept program.”
Grace Period Already Requested
Google informed Microsoft of the bug on March 8th and quickly requested an extension on the regular 90-day period. As that grace period is now over, the vulnerability is open to the public. Thankfully, it’s not the most critical bug we’ve seen in recent times. Google branded an exploit found in Windows Defender last month “the worst remote code exec in recent memory.” In comparison, this bug is a ‘medium’ severity and seems to require local access. Unlike Windows Defender, however, this one wasn’t fixed in two days. Microsoft says a fix will come on either July 11th or August 8th. Check Google’s official notice for more technical details.