Microsoft Issues Advisory for 64-Bit Windows 7, Server 2008

Microsoft has issued an advisory for a vulnerability in a component of a small number of Windows versions. The company judges a successful compromise to be very difficult to pull off. Theoretically, exploitation could result in remote code execution, but an attack is much more likely to make the system hang and then reboot.


The 64-bit versions of Windows 7 and Windows Server 2008 R2, as well as the Itanium version of Windows Server 2008 R2, are vulnerable to an attack against the Canonical Display Driver (cdd.dll), part of the desktop composition components of Windows. The problem is that cdd.dll does not properly parse data copied from user mode to kernel mode. Because of ASLR (address space layout randomization), it would be very difficult to achieve remote code execution using this attack. Microsoft has rated the exploitability of this vulnerability as “3” for “reliable exploit code unlikely.”

No patch is available yet for the issue. Microsoft is studying it and, based on today’s announcement, this would seem to be a low-priority problem. In the meantime, the advisory describes how users can disable Windows Aero, which blocks the problem.

Microsoft released the advisory after the vulnerability was publicly disclosed. The company is not aware of any attacks using the vulnerability.


Author: admin

