CVE-2016-3216

Published: June 14, 2016
Source: msrc
EPSS: Medium

Description

Windows Graphics Component Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows Graphics Component (GDI32.dll) fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could cause an information disclosure to bypass the ASLR security feature that protects users from a broad class of vulnerabilities.

The security feature bypass itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.

To exploit this vulnerability, an attacker would have to convince a user to run a specially crafted application.

The security update addresses the vulnerability by correcting how the Windows Graphics Component handles addresses in memory.

Workaround

Disable WINS/NetBT name resolution

  1. Open Network Connections.
  2. Click the Local Area Connection to be statically configured, and then from the File menu, click Properties.
  3. In the list of components, click Internet Protocol (TCP/IP), and then click Properties.
  4. Click Advanced, click the WINS tab, and then click Disable NetBIOS over TCP/IP. Optionally, you can select the Use NetBIOS setting on the DHCP server if you are using a DHCP server that can selectively enable and disable NetBIOS configuration through DHCP option types.

Stop WPAD using a host file entry.

  1. Open the host file at the following location as an administrator: %systemdrive%\Windows\System32\Drivers\etc\hosts
  2. Create the following entry for WPAD in the host file: 255.255.255.255 wpad.

Impact of workaround. Autoproxy discovery will not work, and for this reason, some applications, such as Internet Explorer, will not be able to load websites properly.

How to undo the workaround.

  1. Open the host file at the following location as an administrator: %systemdrive%\Windows\System32\Drivers\etc\hosts
  2. Remove the following entry for WPAD in the host file: 255.255.255.255 wpad.
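
A read-only check that the two workarounds above are in place, as an added example that is not part of the original advisory. The function names are hypothetical, PowerShell 3.0 or later is assumed for Get-CimInstance, and the trailing period in "wpad." is tolerated as an assumption about how the entry may have been typed.

```powershell
# Added example: audits the workarounds described above without changing anything.

function Test-WpadHostsEntry {
    param(
        # Path taken from the advisory text; override it to test against a copy.
        [string]$HostsPath = "$env:SystemDrive\Windows\System32\Drivers\etc\hosts"
    )
    foreach ($line in Get-Content -LiteralPath $HostsPath) {
        # Drop comments, then split "address name [alias ...]" on whitespace.
        $fields = @(($line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
        if ($fields.Count -lt 2) { continue }
        # Host names are case-insensitive (-contains ignores case by default).
        $names = $fields[1..($fields.Count - 1)] | ForEach-Object { $_.TrimEnd('.') }
        if ($fields[0] -eq '255.255.255.255' -and $names -contains 'wpad') {
            return $true
        }
    }
    return $false
}

function Get-NetBiosState {
    # TcpipNetbiosOptions: 0 = take the setting from DHCP, 1 = enabled, 2 = disabled.
    $labels = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Adapter           = $_.Description
                NetBIOS           = $labels[[int]$_.TcpipNetbiosOptions]
                WorkaroundApplied = ($_.TcpipNetbiosOptions -eq 2)
            }
        }
}

# Report both findings for the local machine.
"WPAD hosts entry present: $(Test-WpadHostsEntry)"
Get-NetBiosState | Format-Table -AutoSize
```

An adapter reported as "Default (from DHCP)" corresponds to the optional DHCP-controlled setting in step 4, so whether NetBIOS is actually off there depends on the DHCP server.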

Updates

Product | Article | Update
Windows Vista Service Pack 2
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Exploitability

Publicly Disclosed: No
Exploited: No
Latest Software Release: Exploitation Less Likely
Older Software Release: Exploitation Less Likely
DOS: N/A

EPSS

Percentile: 97%
0.37043
Medium

Related vulnerabilities

CVSS3: 4.3
nvd
about 9 years ago

GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."

CVSS3: 4.3
github
about 3 years ago

GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."

fstec
about 9 years ago

Vulnerability in the Windows operating system that allows an attacker to bypass the ASLR protection mechanism