Microsoft is investigating a new public report of a vulnerability in the Canonical Display Driver (cdd.dll) in the Windows operating system. Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
Until a security patch for the vulnerability is released, Microsoft suggests applying the following workaround to mitigate the impact on affected systems.
A workaround is a setting or configuration change that does not correct the underlying issue but helps block known attack vectors before you apply the update. Disabling the Windows Aero theme prevents this issue from being exploited on affected systems.
To disable Windows Aero by changing the theme, perform the following steps for each user on a system:
- Click Start, select the Control Panel, and then click on Appearance and Personalization.
- Under the Personalization category, click on Change the Theme.
- Scroll to the bottom of the listed themes and select one of the available Basic and High Contrast Themes.
To disable Windows Aero by switching to the default setting through group policy, perform the following steps:
- Open the Group Policy Management Console and configure the console to work with the appropriate Group Policy object, such as local machine, OU, or domain GPO.
- Navigate to the following node: User Configuration – Policies – Administrative Templates – Control Panel – Personalization
- Double-click Force a specific visual style file or force Windows Classic.
- Change the setting to Enabled and ensure that the Path to Visual Style text box is blank.
- Click Apply and click OK to return to the Group Policy Management Console.
- Refresh the Group Policy on all systems or wait for the next scheduled Group Policy refresh interval for the settings to take effect.
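A per-user check that the workaround has taken effect, as an added example (not from Microsoft's advisory or the original post). It assumes PowerShell is run in the user's interactive session and that the group policy setting above is stored as the `SetVisualStyle` value under the user's `Policies\System` registry key; `Get-AeroWorkaroundState` is a hypothetical name.

```powershell
# Added example: per-user check that the Aero workaround is in effect.
# Run in the user's interactive desktop session (e.g. from a logon script).

# DwmIsCompositionEnabled is the dwmapi.dll call that reports whether
# desktop composition (the basis of the Aero theme) is running.
Add-Type -Namespace AeroCheck -Name Dwm -MemberDefinition @'
[DllImport("dwmapi.dll")]
public static extern int DwmIsCompositionEnabled(out bool enabled);
'@

function Get-AeroWorkaroundState {   # hypothetical helper name
    # 1. Live state: is composition actually running for this session?
    $composition = $false
    $hr = [AeroCheck.Dwm]::DwmIsCompositionEnabled([ref]$composition)
    if ($hr -ne 0) { $composition = $null }   # call failed: state unknown

    # 2. Policy state. Assumption: the "Force a specific visual style file
    #    or force Windows Classic" setting is written as SetVisualStyle here;
    #    an empty string corresponds to the blank path in the steps above.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $item = Get-ItemProperty -Path $key -Name SetVisualStyle -ErrorAction SilentlyContinue
    $policyBlank = ($item -ne $null) -and [string]::IsNullOrEmpty($item.SetVisualStyle)

    New-Object PSObject -Property @{
        User               = "$env:USERDOMAIN\$env:USERNAME"
        Computer           = $env:COMPUTERNAME
        CompositionEnabled = $composition
        PolicyForcesBlank  = $policyBlank
        # Counted as protected only when composition is confirmed off.
        WorkaroundActive   = ($composition -eq $false)
    }
}

$state = Get-AeroWorkaroundState
$state | Format-List
if (-not $state.WorkaroundActive) {
    Write-Warning "Windows Aero is still active (or its state is unknown) for $($state.User)"
}
```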
Affected Operating Systems:
- Windows 7 x64-based Systems
- Windows Server 2008 R2 x64-based Systems
- Windows Server 2008 R2 Itanium-based Systems
Thanks Robert aka StrayCat!