[infoshare] Microsoft warns of flaw affecting 64-bit Windows 7

  • From: "Luis Guerra" <free_speech@xxxxxxxxxxx>
  • To: "InfoShare" <InfoShare@xxxxxxxxxxxxx>
  • Date: Thu, 20 May 2010 18:04:51 -0400

A vulnerability in the Canonical Display Driver (cdd.dll) in 64-bit versions 
of Windows 7 and Windows Server 2008 R2, and Windows Server 2008 R2 for 
Itanium-based
Systems, could allow remote code execution.

"The Windows Canonical Display Driver does not properly parse information 
copied from user mode to kernel mode," states Microsoft in a
security advisory
 published yesterday. "In most scenarios, an attacker who successfully 
exploited this vulnerability could cause the affected system to stop 
responding and
automatically restart. It is also theoretically possible, but unlikely due 
to memory randomization, that an attacker who successfully exploited this 
vulnerability
could run arbitrary code. An attacker could then install programs; view, 
change, or delete data; or create new accounts with full user rights."

To take advantage of the vulnerability, the attackers would have to trick 
the user into viewing a "specially crafted image file with an affected 
application",
likely hosted on a malicious Web site. To do that, it is likely that they 
would employ social engineering tactics such as sending an email or an IM 
message
containing the malicious link and purporting to be from a user's friend and 
to link back to a curious/funny image, video or test.

Microsoft has offered a workaround solution to help block known attack 
vectors before an patch for the flaw is issued and applied: disabling the 
Windows
Aero Theme (Start > Control Panel > Appearance and Personalization > Change 
the Theme > select one of the available Basic and High Contrast Themes). It
is yet unknown when a patch will be issued.

http://www.net-security.org/secworld.php?id=9313&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Other related posts:

  • » [infoshare] Microsoft warns of flaw affecting 64-bit Windows 7 - Luis Guerra
  1. Home
  2. infoshare
  3. Archive
  4. 05-2010