This vulnerability allows local attackers to force a loading of a privileged graphics driver by sending specially crafted Unicode string. This means that an attacker could exploit this vulnerability by sending an email attachment, downloading a malicious file, or visiting a malicious web site. This CVE ID is unique from CVE-2022-38000. This vulnerability was discovered by Kaveh Razavi of the Google Project Zero team. This issue affects Microsoft Windows 7, Windows 8, Windows 10, Windows Server 2012 and Windows Server 2012 R2. This CVE ID was fixed in the following Microsoft Windows releases: Windows 10 Version 1709 (10.0.17134)
Windows 10 Version 1607 (10.0.16134)
Windows 10 Version 1511 (10.0.1511)
Windows 10 Version 1507 (10.0.1507)
Windows 10 Version 1506 (10.0.1506)
Windows 10 Version 1505 (10.0.1505)
Windows 10 Version 1503 (10.0.1503)
Windows 10 Version 1502 (10.0.1502)
Windows 10 Version 1501 (10.0.1506)
Windows 10 Version 1402 (10.0.1402)
Windows 10 Version 1310 (10.0.1310)
Windows 10 Version 1307 (10.0.1307)
Windows 10 Version 1301 (
What is the purpose of a fine-grained graphics driver?
A fine-grained graphics driver allows the device to perform different tasks depending on what is being displayed. For example, when a user opens a word processing document, the graphics card would be used to show text and images while other processes are allowed to use it. This means that if the graphics card is not properly validated, an attacker could execute malicious code on the vulnerable machine without first having to enter a password.
Windows 8 and Windows Server 2012
Windows 8.1 (6.3.9600)
Windows 8 (6.2.9200)
Windows Server 2012 R2 (6.3.9600)
Windows Server 2012 (6.3.9600)
Timeline
Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/13/2022 15:50:00 UTC