Google’s Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Microsoft failed to rectify the flaw within 90 days of responsible disclosure on September 24. The newly reported elevation of privilege flaw, identified as CVE-2020-17008, is expected to be resolved by Microsoft on January 12, 2021, due to “issues identified in testing” after promising an initial fix in November.
Source: https://thehackernews.com/2020/12/google-discloses-poorly-patched-now.html