Microsoft Warns Of Canonical Display Driver Bug
Microsoft admitted that the Canonical Display Driver vulnerability, which stems from improperly parsed information copied from user mode to kernel mode, could ostensibly allow remote code execution attacks, although it was more likely that an attacker would exploit the flaw to cause a user's system to stop responding followed by an automatic restart.
The diminished security threat prompted Microsoft researchers to give the bug the less severe rating of "3" on Microsoft's exploitability index, "meaning we've deduced so far that reliable exploit code is unlikely," Microsoft said.
"Remote code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization," said Jerry Bryant, Microsoft group manager for response communications, in a blog post Tuesday.
The Canonical Display Driver is a desktop composition function that blends the DirectX and Windows Graphics Device Interface, which enables applications to use graphics and formatted text in video panes and printers.
Altogether, the Canonical Display Driver vulnerability affects Windows 7 x64, Windows Server 2008 R2 x 64 and Windows Server 2008 R2 for Itanium systems.
However, a significant mitigating factor is that the vulnerability only affects Windows systems with the Aero theme installed, which is not switched on by default in Windows Server 2008 R2, Microsoft said.
Thus far there are no attacks exploiting the vulnerability.
Meanwhile, Bryant said that the company is currently working on a security update that will address the flaw, which will likely be issued in an upcoming monthly security patch release.
Until a patch can be released and deployed, Microsoft suggests that users disable the Windows Aero as a temporary workaround, which closes off a major threat vector.