Author Topic: Microsoft warns of 64-bit Windows 7 hole  (Read 325 times)

Offline TequilaChaser

  • AH Training Corps - Retired
  • Plutonium Member
  • Posts: 10173
      • The Damned - founded by Ptero in 1988
Microsoft warns of 64-bit Windows 7 hole
« on: May 21, 2010, 01:37:03 AM »
Microsoft warns of 64-bit Windows 7 hole

Quote
Posted 19 May 2010 - 03:30 PM

Microsoft is working on a patch to fix a hole in a 64-bit Windows 7 graphics display component that could be exploited to crash the system or potentially take control of the computer by running code remotely.

The company is investigating a new publicly reported vulnerability in the Windows Canonical Display Driver (cdd.dll) that affects 64-bit versions of Windows 7 and Windows Server 2008 R2 and Itanium-based Windows Server 2008 R2. The driver allows applications to use graphics and formatted text on the video display and printer.

Microsoft is working on a security update to address the vulnerability and will release it once testing is complete, a Microsoft spokesperson said.

In the meantime, users can prevent anyone from exploiting the hole by disabling Windows Aero, which is a desktop experience available for the Home Premium, Business, Ultimate or Enterprise editions of Windows 7. The flaw only affects systems running Windows Aero, which is disabled by default on Windows Server 2008 R2. Information on the workaround is available in the security advisory issued on Tuesday.

"Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart," the advisory said. "We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time."

Some third-party image viewing applications may be affected by this issue if they use the application programming interfaces for Windows graphics device interface (GDI) to render images, the company said.

An attacker could exploit the hole by sending a victim a malicious image file with an affected application or luring the victim to visit a Web site hosting a malicious image file via an e-mail or instant message.


Source: CNET  http://news.cnet.com/8301-27080_3-20005420-245.html


Also additional links:
http://www.microsoft.com/technet/security/advisory/2028859.mspx

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3678
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

Offline Reschke

  • Platinum Member
  • Posts: 7724
      • VF-17 "The Jolly Rogers"
Re: Microsoft warns of 64-bit Windows 7 hole
« Reply #1 on: May 21, 2010, 08:57:28 AM »
Thanks for the heads up and the links.
Buckshot
Reschke from March 2001 till tour 146
Founder and CO VF-17 Jolly Rogers September 2002 - December 2006
"I'm baaaaccccckkk!"