Microsoft Releases Security Flaw Warning

Microsoft warned computer users on May 18, 2010 about a security flaw in its newest operating system, which could lead to the malicious code execution and denial-of-service attacks.

The flaw exploits Microsoft's Windows Server 2008 R2 x64, Windows 7 x64 and Windows Server 2008 R2 for Itanium systems.

As per the information available, the flaw existed in the Canonical Display Driver (cdd.dll) used by the desktop composition to blend DirectX drawing and Windows Graphics Device Interface (GDI). The flaw stemmed due to the failure of Canonical Display Driver to accurately parse information taken from user mode to kernel mode.

Jerry Bryant, Microsoft Spokesman, said that the malicious use of flaw discovered in the Canonical Display Driver would lead to the rebooting of vulnerable machines, as reported by The Register on May 18, 2010.

He further revealed that the flaw could advertently be used for the insertion of malicious code but the attackers were first required to penetrate into the memory randomization protections provided in the operating system to protect the systems from remote code executions.

Besides, hackers could misuse it by deceiving users into viewing a booby-trapped picture file in an e-mail or a website. The Canonical Display Driver imitates the Windows XP display drivers to interact with earlier Windows graphics engines.

This flaw only affects Windows systems provided they have Aero theme installed. Aero doesn't switch on in Windows Server 2008 R2 by default, neither 2008 R2 contain Aero-capable graphics drivers by default.

Bryant further said that users should keep it in mind that Microsoft had given this vulnerability 3 rating on a preliminary Exploitability Index. This implied that there was no possibility of finding reliable exploit code. The company engaged in the development of a security update that would address the flaw, as reported by Microsoft Security Response Center on May 18, 2010.

He also revealed that the company would release a patch for the flaw, but the time period didn't disclose. Meanwhile, users could protect themselves from the attack by deactivating Aero Theme. With the deactivation of Aero, the path to exploit cdd.dll is bypassed.

Apart from this, security experts ask all Window users to use the latest Microsoft security updates to ensure that their systems remained protected from the threat.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 5/28/2010