Microsoft warns users of Windows 7 Aero vulnerability

A vulnerability in the Windows 7 graphics driver could be leveraged by hackers to affect system stability and security.

The vulnerability is present in the Windows 7 (and Windows Server 2008 R2) Canonical Display Driver (cdd.dll) for 64-bit systems.

The Canonical Display Driver is used by desktop composition to blend the Windows Graphics Device Interface (GDI) and DirectX drawing. The vulnerability affects Windows 7 x64, Windows Server 2008 R2 x64, and Windows Server 2008 R2 for Itanium systems. If exploited, it would likely cause the affected system to stop responding and restart. Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR). Additionally, this vulnerability only affects Windows systems if they have the Aero theme installed; Aero is not switched on by default in Windows Server 2008 R2, nor does 2008 R2 include Aero-capable graphics drivers by default.

Microsoft rates this vulnerability a 3 on its 1-to-3 exploitability scale (1 means consistent exploit code is likely; 3 means functioning exploit code is unlikely) and believes that the defense-in-depth mechanisms in the OS mean a patch will be released before hackers find a way to exploit the flaw.

Vulnerability ratings are not static, and this one could change between now and the release of a patch. After all, security researchers have previously shown that Windows ASLR can be bypassed, so defense in depth might offer only temporary protection. If you're worried about this vulnerability, Microsoft recommends disabling Aero until a fix is released.

To disable Aero, click Start > Control Panel, then click Appearance and Personalization. Under Presentation, click Change the Theme and select one of the Basic and High Contrast Themes on offer.
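For administrators who want to know which machines actually match the affected profile described above (Windows 7 or Server 2008 R2, 64-bit, desktop composition switched on) before walking users through the theme change, the following PowerShell check is an added example, not code from the article or from Microsoft. It assumes PowerShell 2.0 on the target (hence `New-Object PSObject` rather than `[pscustomobject]`) and uses the documented `DwmIsCompositionEnabled` call from dwmapi.dll; the function name `Test-AeroCddExposure` is our own.

```powershell
# Added triage check (not from the article): does this host match the exposed
# profile? Windows 7 / Server 2008 R2 both report kernel version 6.1.
Add-Type -Namespace Dwm -Name Native -MemberDefinition @'
[DllImport("dwmapi.dll")]
public static extern int DwmIsCompositionEnabled(out bool enabled);
'@

function Test-AeroCddExposure {
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $isWin61 = $os.Version -like '6.1.*'
    # OSArchitecture is "64-bit" on x64 and Itanium, "32-bit" on x86.
    $is64Bit = $os.OSArchitecture -eq '64-bit'

    # Ask DWM directly whether composition (Aero) is currently on.
    $composition = $false
    $hr = [Dwm.Native]::DwmIsCompositionEnabled([ref]$composition)
    if ($hr -ne 0) { $composition = $false }   # call failed: treat as off

    # Report the driver version so patched hosts can be told apart later;
    # the article gives no fixed version, so no comparison is made here.
    $cdd = Join-Path $env:windir 'System32\cdd.dll'
    $cddVersion = 'not present'
    if (Test-Path $cdd) { $cddVersion = (Get-Item $cdd).VersionInfo.FileVersion }

    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        OS                 = $os.Caption
        Version            = $os.Version
        Is64Bit            = $is64Bit
        CompositionEnabled = $composition
        CddVersion         = $cddVersion
        # Exposed only when all three conditions from the advisory text hold.
        Exposed            = ($isWin61 -and $is64Bit -and $composition)
    }
}

Test-AeroCddExposure | Format-List
```

A host reporting `Exposed : True` is one where the manual theme change above (or an equivalent managed policy) should be applied until the patch ships; `CompositionEnabled : False` on Server 2008 R2 is the expected default.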