Description
Windows Graphics Component Remote Code Execution Vulnerability
A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit the vulnerability:
- In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.
- In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince a user to open the document file.
Note that for affected Microsoft Office products, the Preview Pane is an attack vector.
The security update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory.
Workaround
Disable metafile processing
Customers using Windows Vista or Windows Server 2008 can disable metafile processing by modifying the registry. This setting will help protect the affected system from attempts to exploit this vulnerability.
To modify the key by using Registry Editor, follow these steps:
Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.
- Click Start, click Run, type Regedit in the Open box, and then click OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
- On the Edit menu, point to New, and then click DWORD.
- Type DisableMetaFiles, and then press ENTER.
- On the Edit menu, click Modify to modify the DisableMetaFiles registry entry.
- In the Value data box, type 1, and then click OK.
- Exit Registry Editor.
- Restart the computer.
Impact of workaround. Turning off metafiles processing may cause the appearance of software or system components to decrease in quality. Turning off metafiles processing may also cause the software or system components to fail completely. This has been identified to have a potential significant functionality impact and should be evaluated and tested carefully to determine its applicability.
Examples include the following:
- You cannot print on the computer.
- Some applications on the computer may be unable to display Clipart.
- Some scenarios that involve OLE rendering may break.
To modify the key using a managed deployment script:
- Save the following to a file with a .REG extension (for example, Disable_MetaFiles.reg):
- Run the registry script on the target machine with the following command from an administrator (on Vista, an elevated administrator) command prompt:
Regedit.exe /s Disable_MetaFiles.reg
- Restart the computer.
How to undo the workaround
- Click Start, click Run, type Regedit in the Open box, and then click OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
- On the Edit menu, click Modify to modify the DisableMetaFiles registry entry.
- In the Value data box, type 0, and then click OK.
- Exit Registry Editor.
- Restart the computer.
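The registry steps above and their undo, scripted in PowerShell as an added example that is not part of the original advisory. The function names are hypothetical; only the key path, the value name and the values 1 and 0 come from this page.

```powershell
# Added example: apply or revert the DisableMetaFiles workaround from this page.
# Run from an elevated PowerShell prompt. Function names are hypothetical.
$GreKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize'
$ValueName = 'DisableMetaFiles'

function Get-MetafileWorkaround {
    # Current value of the entry, or $null when it has never been created.
    $item = Get-ItemProperty -Path $GreKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-MetafileWorkaround {
    param([switch]$Undo)

    if (-not (Test-Path -Path $GreKey)) {
        throw "Registry key not found: $GreKey"
    }

    $target  = if ($Undo) { 0 } else { 1 }
    $current = Get-MetafileWorkaround

    # Undo on a machine where the entry was never created: nothing to revert.
    if ($Undo -and $null -eq $current) {
        return "$ValueName is not present; workaround was never applied."
    }
    if ($current -eq $target) {
        return "$ValueName is already $target; no change made."
    }

    # -Force creates the DWORD if missing and overwrites it if present.
    New-ItemProperty -Path $GreKey -Name $ValueName -PropertyType DWord `
        -Value $target -Force | Out-Null

    # Read back to confirm the write before telling the operator to reboot.
    if ((Get-MetafileWorkaround) -ne $target) {
        throw "Failed to set $ValueName to $target (is the prompt elevated?)"
    }
    return "$ValueName changed from '$current' to $target; restart the computer to apply."
}

Set-MetafileWorkaround          # apply the workaround (value 1)
# Set-MetafileWorkaround -Undo  # revert (value 0)
```

Given the functional impact listed above (printing, Clipart, OLE rendering), run `Get-MetafileWorkaround` first on a test machine and record the prior state before rolling the change out.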
Updates
| Product | Article | Update |
|---|---|---|
| Windows Vista Service Pack 2 | ||
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | ||
| Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
| Windows Vista x64 Edition Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | ||
| Windows 7 for 32-bit Systems Service Pack 1 | ||
| Windows 7 for x64-based Systems Service Pack 1 | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | ||
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | ||
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Related vulnerabilities
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability."
Vulnerability in the Windows operating system that allows an attacker to execute arbitrary code
EPSS