Microsoft warns of unpatched Windows driver flaw

By

Several versions affected.

Microsoft has disclosed a publicly known vulnerability in its Canonical Display Driver, which is used by the Windows desktop composition feature to blend drawings created in Graphics Device Interface and DirectX.

Systems running Windows 7 64-bit, Server 2008 R2 64-bit and Server 2008 R2 for Itanium are subject to the vulnerability, according to an advisory

The flaw can lead to remote code execution, but that is unlikely because reliable exploit code would be difficult to create, Jerry Bryant, group manager of response communications at Microsoft, said in a blog post. Users are more likely to experience an unresponsive system that keeps rebooting.

"Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization," Bryant said. "Additionally, this vulnerability only affects Windows systems if they have the Aero theme installed."

Aero is the graphical user interface installed in most editions of Windows 7 and Vista. However, it is not turned on by default in Server 2008 R2.

For those running systems on which Aero is switched on, users may want to disable it as a workaround, Bryant said.

"With Aero disabled, the path by which cdd.dll (Canonical Display Driver) can be exploited is bypassed," he said.

Microsoft is working on a patch. The software giant's next batch of fixes is due June 8.

See original article on scmagazineus.com

Microsoft warns of unpatched Windows driver flaw
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

Log In

  |  Forgot your password?