Windows 7 Forums



Windows 7: Windows 7 x64 And Server 2008 R2 Vulnerability Emerges

19 May 2010   #1
A Guy


Security Advisory 2028859 Released

Hello all. As we start the week we’re investigating a publicly reported vulnerability in the Windows Canonical Display Driver (cdd.dll) and have released Security Advisory 2028859 to describe our findings. We’re not aware of any current customer impact as a result of the issue.

The Canonical Display Driver is used by desktop composition to blend the Windows Graphics Device Interface (GDI) and DirectX drawing. The vulnerability affects Windows 7 x64, Windows Server 2008 R2 x64, and Windows Server 2008 R2 for Itanium systems. If exploited, it would likely cause the affected system to stop responding and restart. Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR). Additionally, this vulnerability only affects Windows systems if they have the Aero theme installed; Aero is not switched on by default in Windows Server 2008 R2, nor does 2008 R2 include Aero-capable graphics drivers by default.

With that in mind, we are giving this vulnerability a preliminary Exploitability Index rating of 3, meaning we’ve deduced so far that reliable exploit code is unlikely. We’re currently developing a security update for Windows that will address the vulnerability. In the meantime, customers may choose to disable Windows Aero as a workaround to protect against potential threats. With Aero disabled, the path by which cdd.dll can be exploited is bypassed.

We are also actively working with partners in our Microsoft Active Protections Program (MAPP) and have provided them with in-depth information on the issue so they can provide broader protections to customers. To see if your security vendor is a member of MAPP, please visit our MAPP Partners page. As ever, we encourage all Windows users to apply the latest Microsoft security updates to help make sure their computers are as protected as possible.

The Microsoft Security Response Center (MSRC) : Security Advisory 2028859 Released

Microsoft Security Advisory (2028859): Vulnerability in Canonical Display Driver Could Allow Remote Code Execution

A Guy
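The following is an added example, not part of the original post or the advisory: a PowerShell check of the exposure conditions the advisory describes (Windows 7 or Server 2008 R2, 64-bit, Aero in use). It assumes that "Aero in use" can be approximated by desktop composition being enabled in the current session, queried through `DwmIsCompositionEnabled` in dwmapi.dll; the function name `Test-CddExposure` and the `Sample.Dwm` type are made up for this example.

```powershell
# Added example: local exposure check for the conditions in Security Advisory 2028859.
# Assumption: "Aero in use" is approximated by DWM desktop composition being enabled
# in the session that runs this script (DwmIsCompositionEnabled, dwmapi.dll).
Add-Type -Namespace Sample -Name Dwm -MemberDefinition @'
[DllImport("dwmapi.dll")]
public static extern int DwmIsCompositionEnabled(out bool enabled);
'@

function Test-CddExposure {
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Windows 7 and Server 2008 R2 both report version 6.1.x.
    $affectedVersion = $os.Version -like '6.1.*'
    # The advisory lists only x64 and Itanium editions, i.e. 64-bit installs.
    $is64Bit = $os.OSArchitecture -like '64*'

    $composition = $false
    $dwmStatus = 'queried'
    try {
        $hr = [Sample.Dwm]::DwmIsCompositionEnabled([ref]$composition)
        if ($hr -ne 0) {
            $composition = $false
            $dwmStatus = 'call failed, HRESULT 0x{0:X8}' -f $hr
        }
    } catch {
        # The composition API could not be loaded on this install; treat as off.
        $composition = $false
        $dwmStatus = 'dwmapi.dll not available'
    }

    # All three conditions from the advisory must hold for the host to be exposed.
    $exposed = $affectedVersion -and $is64Bit -and $composition

    $result = New-Object PSObject
    $result | Add-Member NoteProperty OS $os.Caption
    $result | Add-Member NoteProperty Version $os.Version
    $result | Add-Member NoteProperty Is64Bit $is64Bit
    $result | Add-Member NoteProperty CompositionEnabled $composition
    $result | Add-Member NoteProperty DwmStatus $dwmStatus
    $result | Add-Member NoteProperty ExposedPerAdvisory $exposed
    $result
}

Test-CddExposure | Format-List
```

The composition state reflects the session the script runs in, so run it in the logged-on user's desktop session rather than through remoting or a service context.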

