Vulnerability overview
A remote code execution vulnerability exists in the Windows Graphics Device Interface (GDI). It occurs due to incorrect handling of objects in memory. An attacker can execute arbitrary commands on the targeted system.
The Graphics Device Interface (GDI+) is a subsystem of the Windows operating system. It is used by various applications to display information on screens and printers. An attacker may be able to exploit privileges on vulnerable systems to gain additional control. With privilege escalation, attackers can do severe damage to the system without the victim's knowledge.
This vulnerability can be exploited by tricking the user into opening a malicious document, or by an attacker injecting malicious code into the file. Remote code execution leads to the full compromise of vulnerable machines. Microsoft has already released a patch to fix this bug.
POC source code is available here.
Technologies Affected
- Microsoft Windows 10
- Microsoft Windows 8.1
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
Solution
The best way to protect the system from this RCE vulnerability is to patch it with the latest updates from Microsoft. Download the patch from the following Microsoft web page:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0883
Mitigation
Qualys Threat Research Lab provides protection with QID 91609. Continue to follow Qualys Threat Protection for more coverage on vulnerabilities.