CVE-2017-0001 — Microsoft Graphics Device Interface (GDI)

Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability

Added to KEV

2022-03-03

Federal due date

2022-03-24

Vendor

Microsoft

Product

Graphics Device Interface (GDI)

EPSS

97.8th percentile (score 0.478, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2017-0001

CISA short description

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.