Microsoft’s worst Windows 10 tool has a mega security flaw
Windows users should update Paint 3D now
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Security researchers from Trend Micro’s Zero Day Initiative (ZDI) have discovered a new vulnerability in one of the least popular tools that comes pre-installed withWindows 10.
First introduced as part of theMicrosoft’s Creators Update back in 2016,Paint 3Dwas originally intended to be a replacement forMicrosoft Paintthat has shipped with the company’s operating system since Windows 1.0.
However, the3D modeling softwarenever saw the kind of adoption the software giant hoped for which is why Paint and Paint 3D continue to live alongside each other on Windows. This could change soon though as Paint 3D was not included in a recently leaked build ofWindows 11.
While difficult to exploit, the recently discovered flaw, which has now been patched by Microsoft, could be another reason why Paint 3D’s days may be numbered.
Remote code execution in Paint 3D
The vulnerability in Paint 3D, tracked asCVE-2021-31946, could be exploited by an attacker to execute arbitrary code after an unsuspecting users visits a malicious page or opens a malicious file according to a newsecurity advisoryfrom ZDI.
However, in order to exploit this vulnerability, an attacker would first need to achieve privilege escalation on a targeted system before persuading a user to open a malicious file or website.
ZDI discovered this vulnerability using a technique calledfuzzingearlier this year and it then reported its findings to Microsoft back in February. Thankfully the security researchers have not observed an exploits in the wild or publicly available proof-of-concept code which means that Windows users should be safe for now.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
At the same time, Microsoft has also issued a patch to address the vulnerability that is now rolling out to users' systems via theMicrosoft Store. If you don’t have automatic updates set up in the Microsoft Store, you can also manually download the update byfollowing these instructions.
We’ll have to wait and see if Paint 3D makes the cut in the next version of Microsoft’soperating systemthough the companyhas an eventplanned for later this month that will shed more light on Windows 11.
ViaThe Register
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
This new malware utilizes a rare programming language to evade traditional detection methods
Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days
ICYMI: the week’s 7 biggest tech stories from Kindle Colorsoft yellowing woes to our PS5 Pro review
