Bad Canonical Display Driver leaves Hole in Windows 7!

Posted on May 28, 2010 at 8:08 pm by Donna Warren

The 64-bit version has a security in its canonical display driver (cdd.dll) that leaves the system vulnerable to takeover by bad guys. The problem affects Windows 7 and Server 2008 R2.

The canonical driver is used to blend windows DirectX drawing with the windows graphical display interface (GDI).  CDD emulates the interface of a Windows XP display driver for interactions with the Win32k GDI graphics engine. A remote attacker may exploit this issue to create a denial of service condition on a vulnerable system.

According to Microsoft, the vulnerability only exists if you install the Aero user interface which is the default theme for Windows 7 and they have not had any reported cases of an actual attack reported by users.

The latest addressing technology also makes it much harder to exploit the weakness because the ASLR (Address Space Layout Randomization) makes it pretty much of a guessing game to determine the exact address where an application will start executing.  If the attacker guesses correctly (and we all know some sharp programmer will plant a Trojan to figure that out), they can take over the user’s computer.

Although Microsoft is minimizing the potential danger they are busing a gut creating a patch to fix this “very unlikely” vulnerability.

Is the Wolf at the Door?

If it is so unlikely, why did they issue a security warning? Microsoft usually doesn’t cry wolf unless the wolf is snarling at the door.

Microsoft will release a new driver as part of one of its patch Tuesdays that should fix the problem.

Comments are closed.