Microsoft Patches Bevy of GDI Flaws

As promised, Microsoft Corp. today released an out-of-band update to correct a bevy of flaws in its Windows GDI implementation.

At least one of these flaws, which collectively affect all supported versions of Windows -- including Windows Vista -- has already been linked to a known zero-day exploit. Microsoft last week confirmed that an attacker who successfully exploits a flaw in its Windows Animated Cursor Handling implementation can take complete control of a compromised Windows system.

Today's update patches this flaw and six others.

The complete tally includes:

The Windows Animated Cursor Handling vulnerability is the only known flaw for which exploit code -- and actual zero-day attacks -- have been substantiated. Microsoft originally planned to patch these flaws during its scheduled April 10 update (part of its monthly Patch Tuesday update process), but instead decided to release an out-of-band update, officials confirm.

"We have been monitoring the situation throughout and our indications, and those of our MSRA partners, show there is a threat for attacks against this vulnerability to increase, although we haven't seen anything widespread," wrote Christopher Budd on Microsoft's Security Response Center (MSRC) blog. "Based on customer feedback and our teams' ability to complete testing in an expedited manner by working around the clock, we've gone ahead and released this update early to help better protect customers from this threat."

Customers typically like to take their time before rolling out operating system updates on production systems but, in this case, Budd urges admins to expedite this process. "We are encouraging customers to test and deploy this update as quickly as possible as well as ensure that you have the latest signatures and updates for your security products such as anti-virus," he indicated.

Budd recommends that users also check Microsoft's Master Knowledge Base article to determine which potential conflicts -- if any -- could crop up once they deploy the update. He noted that there's at least one known issue, which affects Windows XP SP2 users of Realtek's HD Audio Control Panel, for which a hotfix is available.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.
