Administrator DKT27 Posted May 19, 2010 Administrator Share Posted May 19, 2010 Microsoft is working on a patch to fix a hole in a 64-bit Windows 7 graphics display component that could be exploited to crash the system or potentially take control of the computer by running code remotely. The company is investigating a new publicly reported vulnerability in the Windows Canonical Display Driver (cdd.dll) that affects 64-bit versions of Windows 7 and Windows Server 2008 R2 and Itanium-based Windows Server 2008 R2. The driver allows applications to use graphics and formatted text on the video display and printer. Microsoft is working on a security update to address the vulnerability and will release it once testing is complete, a Microsoft spokesperson said. In the meantime, users can prevent anyone from exploiting the hole by disabling Windows Aero, which is a desktop experience available for the Home Premium, Business, Ultimate or Enterprise editions of Windows 7. The flaw only affects systems running Windows Aero, which is disabled by default on Windows Server 2008 R2. Information on the workaround is available in the security advisory issued on Tuesday. "Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart," the advisory said. "We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time." Some third-party image viewing applications may be affected by this issue if they use the application programming interfaces for Windows graphics device interface (GDI) to render images, the company said. An attacker could exploit the hole by sending a victim a malicious image file with an affected application or lure the victim to visit a Web site hosting a malicious image file via an e-mail or instant message. Security firm Secunia rates the vulnerability as "less critical," one level up from the lowest rating of "not critical." Source: CNET Link to comment Share on other sites More sharing options...
sanjoa Posted May 19, 2010 Share Posted May 19, 2010 :fear: I'm using x64 Win7 Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted May 19, 2010 Author Administrator Share Posted May 19, 2010 Same here. Have a strict layered security. Not everyone's PC gets exploited. ;) Link to comment Share on other sites More sharing options...
sanjoa Posted May 19, 2010 Share Posted May 19, 2010 I always surf internet with care. Me using ESET NOD32 3 + MBAM 1.46 + Trojan Remover 6.0.184 Link to comment Share on other sites More sharing options...
aalpha1 Posted May 20, 2010 Share Posted May 20, 2010 I am also using Win7 x64, but I think that I will be secure until Microsoft fixes that! Link to comment Share on other sites More sharing options...
Tunerz Posted May 21, 2010 Share Posted May 21, 2010 It's only a matter of time until malware writers jump into the 64-bit bandwagon. Till then we need to be careful. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.