As 0day bugs go, this isn’t an earth-shattering development. But it’s still enough to cause concern. Mateusz Jurczyk at Google Project Zero discovered
[See the full post at: Another Windows 0day appears – gdi32.dll heap boundary error]
Another Windows 0day appears – gdi32.dll heap boundary error
- This topic has 9 replies, 5 voices, and was last updated 5 years, 3 months ago.
Noel Carboni
AskWoody_MVP
February 17, 2017 at 12:03 pm #95034
Forgive me, but if this has been known for 3 months how is it technically a “0day”?
According to Google:
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack.
(bold emphasis mine)
It might just be that Microsoft can’t fix it without a system redesign, and they realize that doing THAT in a hurry could cause serious problems and have weighed that knowledge against the risk of this bug causing serious problems.
It’s hard for me to see how Project Zero can be justified in releasing exploit code to the world.
Personally I dislike the term “zero day”, which is clearly intended to strike fear into the hearts of people who don’t take the time to know the details.
Just don’t download and run malware and you’ll be fine.
-Noel
1 user thanked author for this post.
-
anonymous
Guest
February 17, 2017 at 1:34 pm #95081
“Just don’t download and run malware and you’ll be fine.” Well my friend. That’s easier said than done. Some people don’t know how to stay safe online. Also even if you’re the most careful person in the world it is still possible to slip up.
Also a legit site or program could be in fact compromised. Say one day AskWoody.com gets compromised. We could be redirected to a malware download. You could download what you think is a legit program but is indeed malware. Or you download an actual legit program from a legit source that’s been hacked so your download is a malware-infested version of the thing you’re downloading.
There are compromised open wi-fi hotspots among other things. My point is Noel, there’s a lot more than simply not downloading malware and running it.
2 users thanked author for this post.
-
b
Manager
February 19, 2017 at 8:18 am #95651
Woody’s definition of zero-day: https://www.askwoody.com/forums/topic/pwnfest-brings-two-zero-day-system-level-hacks-of-edge/#post-23056
EDITED for content. Please follow the Lounge Rules posted at the bottom.
Windows 10 Pro version 21H2 build 19044.1682 + Microsoft 365 (group ASAP)
-
rc primak
AskWoody_MVP
-
Noel Carboni
AskWoody_MVP
February 17, 2017 at 5:42 pm #95218
“My point is Noel, there’s a lot more than simply not downloading malware and running it.”
My point in return is that, while I agree people out there will most certainly do things they shouldn’t (and everyone can make mistakes), it IS possible to set oneself up with a security environment + conscientious operation of the computer that really does keep you away from malware.
And it doesn’t require a lot of ongoing effort to maintain. Not surprisingly, the environment I’m describing – which I have working here – is pretty different from what people consider a “typical” setup with a virus scanner checking everything at the last possible instant, and it knocks your chances of becoming infected WAY down.
If I were to want to download software, I would start by evaluating, “do I really need this?” Conscientious computer users don’t just run anything they see to “see what happens”. That’s like seeing if a gun is loaded by pointing it at your head and pulling the trigger.
If I were to decide, “yes, I want this”, then I would do some online research. Google will quickly turn up claims of scam, and VirusTotal.com will check sites for a malicious nature.
Beyond the above, it would not even begin to download if it was coming from one of the tens of thousands of malware sites I have blacklisted from DNS resolution. The process that manages the list automatically gathers data from sources worldwide every day, so it’s always up to date.
Once I was able to download this hypothetical application, I most certainly would check it with local anti-malware software (e.g., MalwareBytes).
Assuming it passed a scan, I’d install and vet it in a throwaway virtual machine that can be restored in seconds to a prior snapshot. My virtual machine test environments are instrumented. I know what’s being done and what sites are being contacted.
Then, once I was sure of its function, I’d make the final decision whether to install and run it on my critical workstation.
Regarding things that run from the web, it IS possible to configure a browser not to just run any old thing it comes across online. Coupled with the blacklists that’s pretty effective at keeping infections from web pages at bay, and surprisingly the content is still available. Then if a previously trusted site becomes compromised, your system isn’t just going to infect itself.
If you’re not protected by blacklists, configuration of more secure browser settings, and doing conscientious computing then I can see how you might think that “not downloading malware” could be a mysterious and complicated thing. It’s not, really, and I can assure you it’s quite doable.
-Noel “malware-free going all the way back”
-
anonymous
Guest
February 17, 2017 at 10:06 pm #95263
But keep in mind most people are gonna know how to or have the patience to set up virtual machines or configure DNS blacklists. Most don’t even want to install Windows Updates. Most people don’t even know there’s a lot of things they can do to keep themselves safe. That’s the point I was trying to make. My response wasn’t talking about you specifically Noel. Just most people in general who don’t know anything about this stuff.
-
Noel Carboni
AskWoody_MVP
February 19, 2017 at 11:24 am #95673
I appreciate that. I just feel it’s important to inform “most people” how things actually could be, so they don’t believe they have to settle for “good enough”. Frankly, the “run of the mill” ways of protecting systems (i.e., invite malware in and at the last minute try to block it) haven’t been all that good, historically.
Not EVERYONE lacks the patience or prowess to do more to ensure their security, and I think those reading this site might be especially inclined to want more info. How does an uninformed person become informed if they don’t know doing things better is even possible?
-Noel
-
anonymous
Guest
February 19, 2017 at 12:26 pm #95682
@noel-carboni, Could you reveal how to set up your superior anti-malware system and keep it updated automatically?
-
Noel Carboni
AskWoody_MVP
February 19, 2017 at 2:27 pm #95839
I’m happy to share. What would you like to know about it?
My blacklisting strategy is pretty simple: It’s based on returning “not found” DNS responses from an open source DNS proxy package I’ve modified to increase list capacity. I run the package on a server, but it can be run on the same machine that uses it. It’s not a very heavy resource user.
I run a script on a Task Scheduler schedule that retrieves publicly available malware / tracking / adware site and domain lists from various online sources once a day and creates two master lists: Specific blacklisted servers (today a bit over 60,000 entries), and wildcarded domains (today a bit over 24,000 entries).
If a site name is blacklisted, its address is simply returned as “not found” and no browser or application will be able to contact it.
If a site name is not in the blacklists it’s considered legit and is forwarded to real online DNS servers (I use OpenDNS), then the resolved address is returned to the originator.
This is all done at millisecond time scales. The net gain from sites not loading all the ads/tracking junk far outweighs the additional few milliseconds to search the lists and forward requests.
If you’d like to follow my lead please feel free to read more and download the software I use here:
http://win10epicfail.proboards.com/post/2284/thread
I’m not saying this isn’t geeky – it’s incredibly so. Maybe one day I’ll polish it up into some kind of turnkey package. But it works – and really well.
-Noel
1 user thanked author for this post.
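An added sketch of the blacklist lookup described in the post above (not Noel's software or the DNS proxy he links to): it merges constructed sample feeds into the two master lists and decides per query whether to answer "not found" or forward upstream. The feed formats, all domain names, and the rule that a wildcard entry also covers the bare domain are assumptions.

```python
# Added illustration; feed text, names and domains below are constructed.
import re

# Constructed sample feeds (a scheduled job would fetch real ones once a day).
HOSTS_FEED = """\
0.0.0.0 ads.tracker.example
127.0.0.1  Malware-CDN.example.   # trailing dot, mixed case
0.0.0.0 localhost
"""
WILDCARD_FEED = """\
*.badnet.example
*.adfarm.test
"""

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(name):
    """Lower-case, strip the root dot, reject anything that is not a hostname."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or len(name) > 253 or not all(LABEL.match(l) for l in labels):
        return None
    return name

def build_lists(hosts_text, wildcard_text):
    """Return (exact_hosts, wildcard_domains) as two de-duplicated sets."""
    exact, wild = set(), set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # "<address> <hostname>"
        host = normalize(fields[1]) if len(fields) >= 2 else None
        if host:
            exact.add(host)
    for line in wildcard_text.splitlines():
        entry = line.split("#", 1)[0].strip()
        dom = normalize(entry[2:]) if entry.startswith("*.") else None
        if dom:
            wild.add(dom)
    return exact, wild

def decide(qname, exact, wild):
    """'NXDOMAIN' for a blacklisted name, 'FORWARD' (to the upstream resolver) otherwise."""
    name = normalize(qname)
    if name is None:
        return "FORWARD"
    labels = name.split(".")
    # Assumption: a wildcard entry covers the domain itself and every name under it.
    suffixes = {".".join(labels[i:]) for i in range(len(labels))}
    return "NXDOMAIN" if name in exact or suffixes & wild else "FORWARD"
```

Matching on whole labels rather than raw string suffixes is what keeps `notbadnet.example` from being caught by the `badnet.example` wildcard, and normalizing both the lists and the query keeps case or a trailing dot from bypassing the list.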
-