Microsoft has patched critical flaws in the Windows Graphics Device Interface (GDI) that could enable remote code execution and information disclosure. This follows comprehensive updates to address vulnerabilities found in GdiPlus.dll and gdi32full.dll files.
Vulnerability Details and Implications
Three vulnerabilities, affecting GdiPlus.dll and gdi32full.dll, were identified and patched between May and August 2025. The most critical, CVE-2025-53766, allows remote code execution, while CVE-2025-30388 and CVE-2025-47984 relate to memory access issues.
- GDI flaws stem from malformed enhanced metafile (EMF) and EMF+ records.
- Flaws enable attackers to perform memory corruption during image processing.
- Check Point Research identified out-of-bounds memory access vulnerabilities.
Attackers could use these flaws to overwrite memory or access sensitive data, potentially compromising systems without user intervention. Impacts were noted across Windows and in Microsoft Office for Mac and Android.
Patch Releases and Recommendations
Patches were issued for GdiPlus.dll versions 10.0.26100.3037 to 10.0.26100.4946 and gdi32full.dll version 10.0.26100.4652. Fixes included updates KB5058411, KB5062553, and KB5063878, focusing on new validation checks and corrected pointer arithmetic.
- Microsoft released updates in May (KB5058411), July (KB5062553), and August 2025 (KB5063878).
- Key updates included validation for rectangle data, scan-line trimming, and pointer correction.
Researchers recommend timely patching and heightened awareness to mitigate security risks. Organizations using affected software should prioritize these updates to protect against potential exploits.
