Article

Microsoft issues advisory for Windows display driver flaw

SearchSecurity.com Staff

Microsoft has issued a security advisory, Tuesday, warning users of a publicly reported vulnerability in the Windows Canonical Display Driver, a Windows component used to handle graphics and DirectX drawing in games and other

    Requires Free Membership to View

software programs.
We've deduced so far that reliable exploit code is unlikely.
Jerry Bryant
group manager, response communicationsMicrosoft

The vulnerability affects Windows 7 and Windows Server 2008 systems. So far, the biggest risk posed by the vulnerability is a potential to cause a system to crash and restart, Microsoft said.

"We've deduced so far that reliable exploit code is unlikely," wrote Jerry Bryant group manager of Microsoft response communications in the Microsoft Security Response Center Blog. "We're currently developing a security update for Windows that will address the vulnerability."

Microsoft engineers called successful exploitation of the display driver error tricky and said it cannot be exploited remotely. An attacker would need to write executable content to a specific space in kernel memory. Address Space Layout Randomization (ASLR), a security feature enabled by default in Windows Vista, Windows Server 2008 and Windows 7, makes a successful exploitation even more difficult.

The engineers were able to successfully exploit the flaw locally on a Windows 7 64-bit computer with the Aero Glass theme enabled. They warned that there is potential for an attacker to exploit the vulnerability using a malicious image with a third-party image viewer.

As a workaround, Microsoft recommends temporarily disabling the Aero Glass theme. ~ Robert Westervelt


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: