CVE-2017-0324 Microsoft CVE debrief

Who should care

Windows administrators, workstation and VDI teams, and security responders managing NVIDIA GPU drivers should prioritize this issue, especially on systems where local users can interact with the graphics stack.

Technical summary

NVD classifies this issue as CWE-119 and assigns a CVSS v3.0 vector of AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerable path is the kernel-mode DxgkDdiEscape handler in nvlddmkm.sys, where an input buffer size is not validated before use. The supplied evidence ties the issue to NVIDIA Windows GPU Display Driver, despite the prompt metadata listing Microsoft as vendor.

Defensive priority

High

Recommended defensive actions

• Inventory affected NVIDIA Windows GPU driver deployments and identify systems using the GPU Display Driver package referenced by the advisory.
• Apply NVIDIA's security update or driver package guidance from the linked vendor advisory for all affected endpoints.
• Treat the issue as a local privilege escalation and limit unnecessary local user access on exposed systems until remediation is complete.
• Monitor for driver crashes or stability issues involving nvlddmkm.sys as a potential indicator of exposure.
• Confirm remediation after updating by verifying the installed GPU driver version against NVIDIA's advisory guidance.

Evidence notes

The NVD record lists vulnerable CPE criteria for cpe:2.3:a:nvidia:gpu_driver and cites CWE-119. The NVD references point to NVIDIA advisory 4398. The prompt metadata says vendor Microsoft, but the supplied official evidence consistently attributes the vulnerability to NVIDIA Windows GPU Display Driver.

Official resources