Cyber Resilience

CVE-2017-0001

HighCISA KEVActive ExploitationEUVD Exploited

Published: 17 March 2017

Published
17 March 2017
Modified
22 April 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.4781 97.8th percentile
Risk Priority 64 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-0001 is a high-severity an unspecified weakness vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 2.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is an elevation of privilege flaw in the Graphics Device Interface (GDI) component of Microsoft Windows. It affects Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607. Local users can exploit the issue by running a crafted application, which enables them to gain additional privileges on the system. The weakness is tracked as CVE-2017-0001 and is distinct from related GDI issues in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047.

A local attacker with the ability to execute code on an affected system can leverage the flaw to elevate privileges. The CVSS 3.1 base score of 7.8 reflects that the attack requires low complexity, no user interaction beyond running the application, and yields high impact to confidentiality, integrity, and availability under a local attack vector.

Microsoft published guidance for the issue through its Security Response Center advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0001, along with supporting details on vendor tracking sites such as SecurityFocus and SecurityTracker. No information is provided on observed in-the-wild exploitation.

EU & UK References

Vulnerability details

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local…

more

users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047.

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10 1507
all versions
microsoft
windows 10 1511
all versions
microsoft
windows 10 1607
all versions
microsoft
windows 7
all versions
microsoft
windows 8.1
all versions
microsoft
windows rt 8.1
all versions
microsoft
windows server 2008
all versions, r2
microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
all versions
microsoft
windows vista
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Least privilege directly limits the additional rights a local attacker can obtain after exploiting the GDI flaw with a crafted application.

prevent

Access enforcement prevents the unauthorized privilege elevation that the GDI vulnerability enables for a local process.

prevent

Flaw remediation requires prompt application of the vendor patch that eliminates the GDI elevation-of-privilege weakness.

References