Denial of Fuzzing: Rust in the Windows kernel

Source: Check Point Research

Check Point Research discovered a vulnerability in the Rust implementation of the Windows graphics component, specifically the Graphics Device Interface (GDI). The vulnerability was notable for its potential to trigger a Blue Screen of Death (BSOD) through the processing of user-controlled metafiles. Upon discovery, the issue was promptly reported to Microsoft, leading to a fix in the May 2025 release. The fuzzing methodology involved testing various metafiles and revealed several vulnerabilities that highlighted the risks presented by the new Rust-based kernel component.

The fuzzing campaign was challenging because the system crashes it encountered initially obscured the source of the problem. Subsequent testing refined the approach, allowing the crash to be reproduced efficiently. Ultimately, the vulnerability was confirmed to be linked to an out-of-bounds memory condition, particularly when specific metafile data was processed. This incident underscores the ongoing concerns surrounding memory safety: despite Rust’s design principles aimed at preventing such issues, language choice alone cannot eliminate all security vulnerabilities.

👉 Read the original: Check Point Research