VIA Root
Canonical Display Driver bug found on latest 64-bit Windows versions
By Hugo Jean, Heptacube Inc.
2010-05-19 11:30:03

The advisory, published yesterday, warns users of Windows 7 x64, Windows Server 2008 R2 x64, and Windows Server 2008 R2 for Itanium systems of a vulnerability in the Canonical Display Driver that could allow remote code execution.

Apparently, the cdd.dll file could be exploited by a remote attacker to take control of a vulnerable machine or, for instance, shut it down. The attacker would have to convince the user to view a specially crafted image file with a vulnerable application, or to visit a Web page containing such an image file. The target would likely be lured into such actions by social engineering techniques.

Microsoft has given this vulnerability an Exploitability Index rating of only 3, or "Functioning exploit code unlikely." The reason for this low rating is that "code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR)," as explained by Jerry Bryant on the Microsoft Security Response Center (MSRC) blog.

Microsoft is currently working on a fix for this issue, but since the vulnerability is treated as a low-level threat, a patch may arrive only with next month's Patch Tuesday, in three weeks. In the meantime, Microsoft has provided some workarounds for affected customers, the first of which is simply to disable the Aero Theme in the Control Panel. It is also possible to disable it using Group Policy "to set policy for a machine, for an organizational unit or an entire domain."

In addition, Microsoft specified that "by default, Windows Aero is not enabled in Windows Server 2008 R2. Also, Windows Server 2008 R2 does not include Windows Aero-capable graphics drivers." To be vulnerable, a Windows Server 2008 R2 user would therefore have to "obtain graphics drivers from a third-party vendor or from the graphics adapter manufacturer," and manually enable the Aero Theme.

Microsoft is "not aware of attacks that try to use the reported vulnerability or of customer impact at this time."







