{"id":227,"date":"2010-05-28T20:08:50","date_gmt":"2010-05-29T01:08:50","guid":{"rendered":"http:\/\/www.easydriverpro.com\/driver-news\/?p=227"},"modified":"2018-05-20T14:39:42","modified_gmt":"2018-05-20T19:39:42","slug":"bad-canonical-display-driver-leaves-hole-in-windows-7","status":"publish","type":"post","link":"https:\/\/www.easydriverpro.com\/driver-news\/bad-canonical-display-driver-leaves-hole-in-windows-7\/","title":{"rendered":"Bad Canonical Display Driver leaves Hole in Windows 7!"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.easydriverpro.com\/driver-news\/wp-content\/uploads\/2010\/05\/c-1.jpg\" alt=\"\" \/><\/p>\n<p>The 64-bit version has a security in its canonical display driver (cdd.dll) that leaves the system vulnerable to takeover by bad guys. The problem affects Windows 7 and Server 2008 R2.<\/p>\n<p>The canonical driver is used to blend windows DirectX drawing with the windows graphical display interface (GDI). \u00a0CDD emulates the interface of a Windows XP display driver for interactions with the Win32k GDI graphics engine. A remote attacker may exploit this issue to create a denial of service condition on a vulnerable system.<\/p>\n<p>According to Microsoft, the vulnerability only exists if you install the <strong><em>Aero <\/em><\/strong>user interface which is the default theme for Windows 7 and they have not had any reported cases of an actual attack reported by users.<\/p>\n<p>The latest addressing technology also makes it much harder to exploit the weakness because the ASLR (Address Space Layout Randomization) makes it pretty much of a guessing game to determine the exact address where an application will start executing. \u00a0If the attacker guesses correctly (and we all know some sharp programmer will plant a Trojan to figure that out), they can take over the user\u2019s computer.<\/p>\n<p>Although Microsoft is minimizing the potential danger they are busing a gut creating a patch to fix this <strong><em>\u201cvery unlikely\u201d<\/em><\/strong> vulnerability.<\/p>\n<h2>Is the Wolf at the Door?<\/h2>\n<p>If it is so unlikely, why did they issue a security warning? Microsoft usually doesn\u2019t cry wolf unless the wolf is snarling at the door.<\/p>\n<p>Microsoft will release a new driver as part of one of its patch Tuesdays that should fix the problem.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bad video driver creates security hole in Windows 7<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,1],"tags":[51,52],"_links":{"self":[{"href":"https:\/\/www.easydriverpro.com\/driver-news\/wp-json\/wp\/v2\/posts\/227"}],"collection":[{"href":"https:\/\/www.easydriverpro.com\/driver-news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.easydriverpro.com\/driver-news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.easydriverpro.com\/driver-news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.easydriverpro.com\/driver-news\/wp-json\/wp\/v2\/comments?post=227"}],"version-history":[{"count":15,"href":"https:\/\/www.easydriverpro.com\/driver-news\/wp-json\/wp\/v2\/posts\/227\/revisions"}],"predecessor-version":[{"id":1299,"href":"https:\/\/www.easydriverpro.com\/driver-news\/wp-json\/wp\/v2\/posts\/227\/revisions\/1299"}],"wp:attachment":[{"href":"https:\/\/www.easydriverpro.com\/driver-news\/wp-json\/wp\/v2\/media?parent=227"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.easydriverpro.com\/driver-news\/wp-json\/wp\/v2\/categories?post=227"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.easydriverpro.com\/driver-news\/wp-json\/wp\/v2\/tags?post=227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}