Microsoft patches critical bugs in Windows graphics system

Microsoft issued a critical patch for two vulnerabilities in the core graphics subsystem of Windows as one of eight fixes released Tuesday

Microsoft issued a critical patch for two vulnerabilities in the core graphics subsystem of Windows, one of eight fixes released Tuesday as part of its monthly security updates.

Microsoft released a total of five critical patches in its April security bulletin. Two of them fix bugs in Windows, two fix bugs in Windows and Internet Explorer (IE), and one fixes a vulnerability in Microsoft Office. The critical rating means an attacker could potentially exploit the flaws to hack into a victim's computer.

The other patches fix vulnerabilities in Windows and Office and were rated "important." Microsoft releases patches on the second Tuesday of every month, which has become known in the industry as "Patch Tuesday."

MS08-021 fixes two vulnerabilities in Windows' graphics device interface (GDI), one of three core Windows subsystems, that could allow a hacker to take over someone's computer if a user opens certain kinds of image files, according to Microsoft.

Eric Schultze, chief technology officer of security and patch-management company Shavlik Technologies, said the GDI patch is the most important because it fixes vulnerabilities that could create "a trifecta of problems" across all versions of Windows, from Windows 2000 to the latest Windows Server 2008 release. "If you visit an evil Web site, read an evil e-mail or open an evil document, you can get hacked," he said.

Schultze said the GDI issue has come up twice before, "dating back to January 2006," which means that this is Microsoft's third attempt at fixing the problems. "Hackers have come up with different variants" to attack the same vulnerabilities, he said.

Of the five patches marked critical, Schultze recommended that users also immediately install two others -- MS08-022, which affects Windows, and MS08-024, which affects both Windows and IE.

MS08-022 patches a vulnerability in VBScript and JScript scripting engines in Windows that originally was supposed to be patched in January, but Microsoft pulled the patch at the last minute because it wasn't ready, Schultze said. MS08-24 patches a vulnerability found in all versions of IE.

Amol Sarwate, manager of the Vulnerability Research Lab at security service provider Qualys, agreed that MS08-021 and MS08-022 are among the top three most important patches, but considers critical patch MS08-023 more important than MS08-022. MS08-023 fixes an ActiveX vulnerability that affects both Windows and Internet Explorer.

In Sarwate's opinion, MS08-021, MS08-022 and MS08-023 are especially important for users because they affect all versions of Windows, even if no other software is installed on the machine.

He also noted that because five of the eight patches affect both early client and server versions of Windows through the most current Windows Vista and Windows Server 2008 OSes, hackers are taking advantage of Microsoft's reuse of code throughout different versions of the OS.

The fifth critical patch, MS08-018, affects Microsoft Office, fixing a vulnerability that can be exploited when a user opens an Office Project file.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elizabeth Montalbano

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?