Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (MS13-089)

ITS Advisory Number: 
2013-107
Date(s) Issued: 
Tuesday, November 12, 2013
Subject: 
Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (MS13-089)
Overview: 

A vulnerability has been identified in the Graphics Device Interface (GDI) in Microsoft Windows that could allow remote code execution. The Windows GDI enables applications to use graphics and formatted text on video displays and on printers. The vulnerability could allow remote code execution if a user views or opens a specially crafted Windows Write file in WordPad. Successful exploitation could result in the attacker gaining the same user rights as the current user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows 8
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) processes specially crafted Windows Write files in WordPad. An attacker could exploit this vulnerability when a user opens a specially crafted attachment in an email message, opens a specially crafted file, or browses a specially crafted webpage. Successful exploitation could result in the attacker gaining the same user rights as the current user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
References: 
Microsoft:
https://technet.microsoft.com/en-us/security/bulletin/ms13-089
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3940