866-764-TECH(8324) · Subscribe to Application Solution Providers, Inc.News FeedSubscribe to Application Solution Providers, Inc.Comments

Windows 7 image handling component flaw causes BSOD or worse

20 May, 2010 — Recently, Microsoft released a security advisory warning of an unpatched security vulnerability in a Windows 7 and Windows Server 2008 R2 image handling component. The flaw specifically lies within a component called the Windows Canonical Display Driver (cdd.dll). The Canonical Display Driver interacts with other graphics components, such as the Windows Graphics Device Interface (GDI) and Windows Aero, to display images and other graphics on your video screen.

Unfortunately, cdd.dll suffers from a vulnerability having to do with its inability to properly parse specially crafted image files. If an attacker can entice you to a malicious web site containing a specially crafted image, or if he can trick you into opening such an image within an application that uses the flawed graphics APIs, he can exploit this flaw to either cause your machine to crash and reboot with a Blue Screen of Death (BSOD), or to execute code on your machine with your privileges. Since most Windows users have local administrative privilges, attackers could likely leverage this flaw to gain complete control of a victim’s PC.

In their alert, Microsoft claims that code execution, though theoretically possible, is unlikely due to a relatively new Windows security feature called Address Space Layout Randomization (ASLR). In a nutshell, this feature places key data structures in random areas of memory, making it harder for attackers to leverage any memory corruption flaws since they will have difficulty locating the structures they need. That said, other security researchers have released attacks that were able to bypass these memory protection features in the past. So I’d still consider this a relatively serious issue.

Since Microsoft just recently learned of this vulnerability, they have no patch for it yet. However, you can implement an easy workaround if you are willing to forgo some Windows 7 eye-candy. In the Suggested Action section of their advisory, Microsoft discribes how you can disable the Windows Aero Theme to prevent attackers from exploiting this vulnerability against you. Until Microsoft releases a patch, you should turn Aero off. I suspect Microsoft might release a fix for this during next months patch day. If they do, I will inform you via the MS Patch Day Wire posts and WatchGuard’s LiveSecurity alerts. — Corey Nachreiner, CISSP

via WatchGuard Wire: RSS Feed | WatchGuard.

Application Solution Providers, Inc. 866-764-8324

Application Solution Providers, Inc. 866-764-8324

Any software can be installed, maintained, and securely accessed from anywhere. Leverage the latest hosting technologies with a Digital Desktop.™ Consolidate and secure all your business applications and data in custom Hosted Environments.™

Your business applications and managed Application Hosting, Desktop Hosting, Web Hosting, Mail Hosting, Software as a Service (SaaS), Virtual Machines (VM), and Virtual Desktop Infrastructure (VDI) saves time and money.

For managed Application Consulting, Development, Marketing, Hosting, Support, and Training
Call 866-764-8324 · Send an email · Submit an Information Request

    Speak Your Mind

    You must be logged in to post a comment.