Microsoft releases three security bulletins covering vulnerabilities in Windows for Patch Tuesday. One of the bulletins, rated critical, fixes an input validation situation related to GDI that could be exploited to run arbitrary code.
Microsoft released three security bulletins March 10 for Patch Tuesday, including a patch for a critical vulnerability in the Windows kernel affecting the graphics device interface.
According to Microsoft, the Windows kernel does not properly validate input passed from user mode through the kernel component of GDI. The vulnerability could allow hackers to run arbitrary code, and can be exploited by hackers via a malicious EMF or WMF image file.