Windows GDI flaw leads to PowerShell attacks
A critical vulnerability in the Windows GDI (graphics device interface) that Microsoft patched in its latest round of security updates was exploited by a sophisticated attack group to escape browser-based sandboxes and remotely execute malicious code, according to Kaspersky Lab.
Windows GDI is an API that helps applications work with graphics and formatted text on video displays and printers. The remote code execution flaw (CVE-2016-3393) stemmed from how GDI handled objects in memory, and the issue has been addressed in critical bulletin MS16-120, Microsoft said. The vulnerability affected all supported versions of the Windows operating system, Microsoft Office 2007 and Office 2010, Skype for Business 2016, Silverlight, .NET Framework, Microsoft Lync 2013, and Microsoft Lync 2010.