CVE-2021-28348: 
vulnerability analysis and mitigation

Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348) is a security flaw affecting Microsoft Windows systems. This vulnerability was disclosed on April 13, 2021, as part of Microsoft's Patch Tuesday updates. The vulnerability affects various Windows versions including Windows 10, Windows Server 2016, and Windows Server 2019 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit. The vulnerability could lead to complete compromise of confidentiality, integrity, and availability of the target system (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on the affected system through the Windows GDI+ component. The vulnerability could lead to a complete compromise of the affected system's confidentiality, integrity, and availability (MITRE).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the appropriate security updates through Windows Update or Microsoft Update Catalog. This vulnerability is addressed as part of the April 2021 security updates (Microsoft Security).