发布日期：2021-01-12
更新日期：2021-01-13

受影响系统：

Microsoft Windows Server 20H2 (Server Core Insta
Microsoft Windows Server 2019 (Server Core Insta
Microsoft Windows Server 2019
Microsoft Windows Server 2016 (Server Core Insta
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2 (Server Core in
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2004 (Server Core insta
Microsoft Windows Server 1909 (Server Core insta
Microsoft Windows RT 8.1
Microsoft Windows 8.1 for x64-based systems
Microsoft Windows 8.1 for 32-bit systems
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 20H2 for x64-based Systems
Microsoft Windows 10 20H2 for ARM64-based Systems
Microsoft Windows 10 20H2 for 32-bit Systems
Microsoft Windows 10 2004 for x64-based Systems
Microsoft Windows 10 2004 for ARM64-based Systems
Microsoft Windows 10 2004 for 32-bit Systems
Microsoft Windows 10 1909 for x64-based Systems
Microsoft Windows 10 1909 for ARM64-based Systems
Microsoft Windows 10 1909 for 32-bit Systems
Microsoft Windows 10 1809 for x64-based Systems
Microsoft Windows 10 1809 for ARM64-based Systems
Microsoft Windows 10 1809 for 32-bit Systems
Microsoft Windows 10 1803 for x64-based Systems
Microsoft Windows 10 1803 for ARM64-based Systems
Microsoft Windows 10 1803 for 32-bit Systems
Microsoft Windows 10 1607 for x64-based Systems
Microsoft Windows 10 1607 for 32-bit Systems

描述：

---

CVE(CAN) ID: CVE-2021-1708

Microsoft Windows Graphics Device Interface（Microsoft Windows GDI）是美国微软（Microsoft）公司的Windows 设备图形设备接口。该接口负责系统与绘图程序之间的信息交换，处理所有Windows程序的图形和图像输出。
Windows GDI+存在信息泄露漏洞。攻击者可在与其他漏洞结合的情况下利用该漏洞执行任意代码。

<**>

建议：

---

厂商补丁：

Microsoft
---------
Microsoft已经为此发布了一个安全公告 (CVE-2021-1708) 以及相应补丁:CVE-2021-1708: Windows GDI+ Information Disclosure Vulnerability.
链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1708

浏览次数：868
严重程度：0（网友投票）