Security researchers from the Trend Micro’s Zero Day Initiative (ZDI) have found new vulnerabilities in one of the most unpopular tools that come pre-installed with Windows 10.
First introduced as part of the Microsoft Maker Update back in 2016, 3D paint was originally intended to be a substitute for Microsoft Paint which has been sent with the company’s operating system since Windows 1.0.
However, 3D modeling software has never seen the type of adoption, the expected software giant is why paint and 3D paint continue to live with each other in Windows. It can immediately change even though when the 3D paint is not included in the new Windows 11 Build.
We have assembled the list of the best end point protection software
This is the best firewall on the market to protect your network
See also our Roundup from the best malware removal software
While it is difficult to exploit, a new defect found, which has now been patched by Microsoft, can be another reason why the days of painting can be numbered.
Execution of long distance codes in paint 3d
Vulnerability in 3D paint, tracked as CVE-2021-31946, can be exploited by attackers to execute the arbitrary code after non-suspicious users visit a malicious page or open malicious files in accordance with the new security advisor from ZDI.
However, to exploit this vulnerability, an attacker must first need to achieve the estimated privilege of the targeted system before persuading users to open an evil file or website.
ZDI found this vulnerability using a technique called fuzzing earlier this year and then reported his findings to Microsoft back in February. Fortunately security researchers have not observed exploitation in illegal or public proof-proof code which means that Windows users must be safe for now.
At the same time, Microsoft has also issued patches to overcome the vulnerabilities that are now launched into the user system through Microsoft Store. If you don’t have an automatic update set up in Microsoft Store, you can also download updates manually by following this instruction.