Third-Party Vendor Issues Temporary Patch for Windows GDI Vulnerability

An anonymous reader writes: A vulnerability discovered by Google Project Zero security researchers and left without a patch by Microsoft received a temporary fix from third-party security vendor ACROS Security. Microsoft is set to officially patch the flaw on March 15, after it previously pushed back February's Patch Tuesday for next month.

The vulnerability, tracked as CVE-2017-0038, is a bug in Windows GDI (Graphics Device Interface) that can be exploited via malicious EMF files embedded in Office documents or images sent via Internet Explorer. The flaw can be used to read contents from a victim's RAM. When Microsoft issues an official update, the temporary patch will stop working immediately.