Check Point Research (CPR) has identified a series of vulnerabilities within core Windows graphics components that enabled Remote Code Execution (RCE) and memory information exposure. The security flaws were located in widely used elements of the Windows graphics device interface, specifically impacting components such as DirectWrite and Direct2D. These components are integral to rendering text and 2D graphics in numerous Windows applications.

The research demonstrated that by processing a specially crafted font file or other graphical elements, an application could trigger these vulnerabilities. The flaws allowed for out-of-bounds read and write operations, which are memory corruption errors. Successful exploitation of these issues resulted in the ability to execute arbitrary code on a user’s machine or to read sensitive data from the system’s memory.

Details of the Graphics Component Flaws

The investigation by Check Point Research focused on the parsing of graphical elements within the Windows operating system. The discovered vulnerabilities were rooted in how the system’s graphics engine handled complex font files and 2D geometry rendering. The exploitation of these flaws did not require elevated privileges; they could be triggered by applications running with standard user permissions. The impact included the potential for an information leak, where memory contents could be exposed, and a more severe Remote Code Execution, where an attacker could run their own code on the affected system.

Coordinated Disclosure and Mitigation

Following the discovery of these critical security issues, Check Point Research followed a coordinated disclosure process and reported its findings to Microsoft. Microsoft acknowledged the vulnerabilities and subsequently developed patches to address them. These security updates were released to the public to remediate the identified risks. Users were advised to apply the relevant Windows security patches to protect their systems from potential exploitation of these graphics component vulnerabilities. The collaboration between CPR and Microsoft ensured that the issues were responsibly handled and a solution was made available to the public.

Source: https://research.checkpoint.com/2025/drawn-to-danger-windows-graphics-vulnerabilities-lead-to-remote-code-execution-and-memory-exposure/