SB2017091220 - Information disclosure in Microsoft Windows GDI
Published: September 12, 2017
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-8676)
The vulnerability allows a local user to obtain potentially sensitive information.
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. A local user can gain access to potentially sensitive information.
2) Information disclosure (CVE-ID: CVE-2017-8688)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to improper handling of objects in memory by the Windows Graphics Device Interface+ (GDI+). A local attacker can run a specially crafted application and retrieve arbitrary data on the target system.
3) Information disclosure (CVE-ID: CVE-2017-8684)
The vulnerability allows a local user to obtain potentially sensitive information.
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. A local user can gain access to potentially sensitive information.
4) Information disclosure (CVE-ID: CVE-2017-8685)
The vulnerability allows a local user to obtain potentially sensitive information.
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. A local user can gain access to potentially sensitive information.
Remediation
Install the update from the vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8688
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8684
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8685