Critical RCE Bug in Windows 7 and Server 2008 Gets Micropatch


A micropatch fixing a remote code execution (RCE) vulnerability in the Windows Graphics Device Interface (GDI+) is now available through the 0patch platform for Windows 7 and Server 2008 R2 users.


The patch is available to 0patch users with PRO accounts who run fully updated Windows 7 or Server 2008 R2 devices and haven't yet enrolled in Microsoft's Extended Security Updates (ESU) service.


At the moment, only organizations with volume-licensing agreements or small-and-midsize businesses can get an ESU license until January 2023.


"All others have an official update available from Microsoft," 0patch co-founder Mitja Kolsek told BleepingComputer. "If it turns out that many users on supported versions can't apply the official March update (e.g., functional problems), we'll port it for them too."


The Windows Graphics Device Interface RCE bug


Microsoft released security fixes for the vulnerability tracked as CVE-2020-0881 on March 10, during this month's Patch Tuesday, with all ESU-enrolled organizations receiving them on all vulnerable Windows 7 or Server 2008 R2 systems.


The vulnerability exists in the way the Windows Graphics Device Interface (GDI) handles objects in memory, and it could enable attackers who successfully exploit it to take control of unpatched systems.


"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft's security advisory explains.


"Users whose accounts are configured to have fewer user rights on the system could be less im ..
