CVE-2017-0001
Published: 17 March 2017
Summary
CVE-2017-0001 is a high-severity vulnerability, with an unspecified weakness class, in Microsoft Windows 10 1507. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 2.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is an elevation of privilege flaw in the Graphics Device Interface (GDI) component of Microsoft Windows. It affects Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607. Local users can exploit the issue by running a crafted application, which enables them to gain additional privileges on the system. The weakness is tracked as CVE-2017-0001 and is distinct from related GDI issues in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047.
A local attacker with the ability to execute code on an affected system can leverage the flaw to elevate privileges. The CVSS 3.1 base score of 7.8 reflects that the attack requires low complexity, no user interaction beyond running the application, and yields high impact to confidentiality, integrity, and availability under a local attack vector.
Microsoft published guidance for the issue through its Security Response Center advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0001, along with supporting details on vendor tracking sites such as SecurityFocus and SecurityTracker. No information is provided on observed in-the-wild exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-0368
Vulnerability details
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Least privilege directly limits the additional rights a local attacker can obtain after exploiting the GDI flaw with a crafted application.
Access enforcement prevents the unauthorized privilege elevation that the GDI vulnerability enables for a local process.
Flaw remediation requires prompt application of the vendor patch that eliminates the GDI elevation-of-privilege weakness.