Microsoft’s worst Windows 10 tool has a mega security flaw Paint 3D on a Surface
Security researchers from Trend Micro’s Zero Day Initiative (ZDI) have discovered a new vulnerability in one of the least popular tools that comes pre-installed with Windows 10.
First introduced as part of the Microsoft’s Creators Update back in 2016, Paint 3D was originally intended to be a replacement for Microsoft Paint that has shipped with the company’s operating system since Windows 1.0.
However, the 3D modeling software never saw the kind of adoption the software giant hoped for which is why Paint and Paint 3D continue to live alongside each other on Windows. This could change soon though as Paint 3D was not included in a recently leaked build of Windows 11.
While difficult to exploit, the recently discovered flaw, which has now been patched by Microsoft, could be another reason why Paint 3D’s days may be numbered.
Remote code execution in Paint 3D
The vulnerability in Paint 3D, tracked as CVE-2021-31946, could be exploited by an attacker to execute arbitrary code after an unsuspecting users visits a malicious page or opens a malicious file according to a new security advisory from ZDI.
However, in order to exploit this vulnerability, an attacker would first need to achieve privilege escalation on a targeted system before persuading a user to open a malicious file or website.
ZDI discovered this vulnerability using a technique called fuzzing earlier this year and it then reported its findings to Microsoft back in February. Thankfully the security researchers have not observed an exploits in the wild or publicly available proof-of-concept code which means that Windows users should be safe for now.
At the same time, Microsoft has also issued a patch to address the vulnerability that is now rolling out to users’ systems via the Microsoft Store. If you don’t have automatic updates set up in the Microsoft Store, you can also manually download the update by following these instructions.
We’ll have to wait and see if Paint 3D makes the cut in the next version of Microsoft’s operating system though the company has an event planned for later this month that will shed more light on Windows 11.
Via The Register
Security researchers from Trend Micro’s Zero Day Initiative (ZDI) have discovered a new vulnerability in one of the least popular tools that comes pre-installed with Windows 10. First introduced as part of the Microsoft’s Creators Update back in 2016, Paint 3D was originally intended to be a replacement for Microsoft…
