Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 900
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Microsoft confirms new 64-bit Windows 7 vulnerability (cdd.dll)  (Read 2188 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Microsoft said on Tuesday that it is investigating a publicly reported vulnerability in the Windows Canonical Display Driver (cdd.dll) affecting 64-bit versions of Windows 7 and Windows Server 2008 R2.

The flaw resides in the Canonical Display Driver, used by desktop composition to blend the Windows Graphics Device Interface (GDI) and DirectX drawing. The issue affects Windows 7 x64, Windows Server 2008 R2 x64, and Windows Server 2008 R2 for Itanium systems.  It is possible that the vulnerability could allow code execution, although successful code execution is unlikely due to memory randomization. If a malicious user were able to exploit the flaw it would "likely cause the affected system to stop responding and restart" according to a Microsoft spokesperson.

The flaw only affects systems running Windows Aero, which is disabled by default on Windows Server 2008 R2. "We’re currently developing a security update for Windows that will address the vulnerability", said Jerry Bryant - Manager of Response Communications at Microsoft. Bryant also advised that Windows 7 users could disable Windows Aero as a workaround to protect against potential threats.

Microsoft has issued a Security Advisory with full information on the vulnerability: http://www.microsoft.com/technet/security/advisory/2028859.mspx
According to security researchers Secunica, the flaw was originally discovered in April 2009 on an Irfanview forum. Secunica is rating the issue as "less critical": http://secunia.com/advisories/39577

(NW)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising