Google's Project Zero team is famous (or infamous, depending upon which side of the fence you are on) for discovering vulnerabilities in software developed by Google itself as well as by other firms. Its methodology involves identifying security flaws in software and privately reporting them to vendors, giving them 90 days to fix the issues before public disclosure. Depending upon the complexity of the fix required, it sometimes also offers additional days in the form of a grace period.
The security team has discovered and disclosed multiple security flaws in the past few years following the respective vendor's inability to patch them in a timely manner. This includes Qualcomm's Adreno GPU drivers, Microsoft's Windows, Apple's macOS, and more. It recently also unveiled a new Rowhammer variant that can be used to alter the memory contents of new DRAM chips. A couple of months ago, Google disclosed a Windows bug that could cause elevation of privilege (EoP) following a botched fix from Microsoft, and today, it has done almost exactly the same.
The highly technical report can be found here for those curious, but the gist of the matter is that the default rules of the Windows Filtering Platform (WFP) permit executable files to connect to TCP sockets in AppContainers, which can lead to elevation of privilege. Essentially, some of the rules defined in WFP can be matched by a malicious actor to connect to an AppContainer and inject malicious code.