Microsoft warns users of Windows 7 Aero vulnerability

Microsoft warns users of Windows 7 Aero vulnerability

Summary: A vulnerability in the Windows 7 graphics driver could be leveraged by hackers to affect system stability and security.

SHARE:

A vulnerability in the Windows 7 graphics driver could be leveraged by hackers to affect system stability and security.

The vulnerability is present in the Windows 7 (and Windows Server 2008 R2) Canonical Display Driver (cdd.dll) for 64-bit systems.

The Canonical Display Driver is used by desktop composition to blend the Windows Graphics Device Interface (GDI) and DirectX drawing. The vulnerability affects Windows 7 x64, Windows Server 2008 R2 x64, and Windows Server 2008 R2 for Itanium systems. If exploited, it would likely cause the affected system to stop responding and restart. Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR). Additionally, this vulnerability only affects Windows systems if they have the Aero theme installed; Aero is not switched on by default in Windows Server 2008 R2, nor does 2008 R2 include Aero-capable graphics drivers by default.

Microsoft is rating this vulnerability as a 3 (on a scale of 1 to 3, where 1 means that consistent exploit code is likely and 3 indicates that functioning exploit code is unlikely) and believes that defense in depth mechanisms in the OS means that a patch will be released before hackers find a way to exploit the flaw.

Vulnerabilities are a dynamic thing and the rating could change between now and a patch being released. After all, security experts have previously shown how Window's ASLR can be bypassed so defense in depth might only offer temporary protection. If you're worried about this vulnerability, Microsoft recommends that you disable Aero until a fix is released.

To disable Aero, Click Start > Control Panel, then click on Appearance and Personalization. Under Presentation click Change the Theme and select one of the Basic and High Contrast Themes on offer.

Topics: Windows, Microsoft, Operating Systems, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion
  • RE: Microsoft warns users of Windows 7 Aero vulnerability

    This isn't an issue because its very very hard to exploit and there is no attack code in the wild. More or less proof of concept and will be patched soon enough.
    Loverock Davidson
    • RE: Microsoft warns users of Windows 7 Aero vulnerability

      @Loverock Davidson:

      Thank you for your indispensable, insightful, enlightening comments.
      Zeppo9191
      • RE: Microsoft warns users of Windows 7 Aero vulnerability

        @Zeppo9191 , are you serious?

        lol... :D
        ubiquitous one
      • RE: Microsoft warns users of Windows 7 Aero vulnerability

        @Zeppo9191 No problem, be sure to join my fan club :)
        Loverock Davidson
  • RE: Microsoft warns users of Windows 7 Aero vulnerability

    At least Microsoft reports it. Apple wouldn't bother warning anyone. :-)
    Gis Bun
    • RE: Microsoft warns users of Windows 7 Aero vulnerability

      @Gis Bun ... yep, they'd release a 100MB "patch" to "Improve general performance" or similar wording.
      GoodThings2Life
      • RE: Microsoft warns users of Windows 7 Aero vulnerability

        @GoodThings2Life , no worse than M$ fanbuis calling a Linux bug a "vunerability".

        Or do we need to cue the double standards again...
        ubiquitous one
  • I use VISTA Ult 64bit......

    And I notice my aero Dream screen scene is being switched off is this O/S am I at risk by turning it back on???
    carlsf@...
    • RE: Microsoft warns users of Windows 7 Aero vulnerability

      @carlsf@...

      Your OS (Vista 64) is not affected. Here is a link to the secuirty advisory so you can check for yourself: http://www.microsoft.com/technet/security/advisory/2028859.mspx
      ryanstrassburg
  • RE: Microsoft warns users of Windows 7 Aero vulnerability

    This is odd... I just read an article exactly like this one about the exact same issue with Windows 7 Aero, and it was exactly from ZDNet though this one has more pertinent information. What gives?

    Anyhow, non-issue for the masses. The exploit is extrememly difficult to do and would require something on the order of 10 choirs in perfect harmony over an hour of song, it just ain't gonna happen. Something of a scare-o-gram but good to know if I do every have an issue, though I would bet I will win the lottery before this is exploited. Besides, I suspect other mechanism would catch any malicious code before it even got that far right?

    So I am thinking... Assuming the code/program/hack made it past the 3 active defenses I have (i.e. Firewall/gateway, Windows UAC/Other, and Norton Security Suite) it then has to get past the passive defenses such as ASLR and some other acronym I forgot. This is an awful lot to contend simply to crash a machine since that seems to be more likely than any code execution.

    Nice to know anyhow.
    ryanstrassburg
    • RE: Microsoft warns users of Windows 7 Aero vulnerability

      @ryanstrassburg
      Yeah, it is more likely that someone would try to hack a server than someone's personal machine. Most users will have been patched and be none the wiser. It is on the server side where warnings like this are more relevant considering the potential benefit derived by hackers. Anyway, a more news worthy article would have been if someone had used this vulnerability to exploit a server and turn it into a botnet or something.

      On another note, I am happy to see some openness from Microsoft. I think they have learned some important lessons in recent years. And all that coming from a Linux fan boy... go figure.
      mkpelletier@...