A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems.
Check Point Research (CPR) uncovered the issue in January 2025 and reported it to Microsoft. The company addressed the bug in the KB5058499 preview update of May 28, 2025 (OS Build 26100.4202), with full rollout by late June.
Metafile Fuzzing Uncovers Kernel Panic
CPR’s investigation began with a fuzzing campaign focused on Windows metafiles. Fuzzing injects random or malformed data into software to discover weaknesses.
https://gbhackers.com/windows-gdi-vulne ... st-kernel/