ghacks Technology News

Windows 7 64-bit And Windows Server 2008 R2 Vulnerability Emerges

The Microsoft Security Response team published a security advisory yesterday. The team is investigating a publicly reported vulnerability that affects 64-bit editions of Windows 7 and Windows Server 2008 R2, as well as Windows Server 2008 R2 for Itanium systems.

The vulnerability was discovered in the Windows Canonical Display Driver (cdd.dll) which is used by “desktop composition to blend the Windows Graphics Device Interface (GDI) and DirectX drawing”.

The vulnerability received a preliminary Exploitability Index rating of 3:

Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.

The vulnerability only affects Windows systems that have the Windows Aero theme installed and in use. Windows Aero is not the default theme in Windows Server 2008 R2.

Microsoft’s suggested action is to disable the Windows Aero theme for the time being until a security patch for the vulnerability is released.

To disable Windows Aero by changing the theme, perform the following steps for each user on a system:
1. Click Start, select the Control Panel, and then click on Appearance and Personalization.
2. Under the Personalization category, click on Change the Theme.
3. Scroll to the bottom of the listed themes and select one of the available Basic and High Contrast Themes.
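
Because the workaround has to be applied per user, an administrator may want to confirm which sessions still meet the conditions described above (64-bit Windows 7 or Server 2008 R2 with Aero in use). The following PowerShell check is an added example, not part of the Microsoft advisory or the original article; the function and type names are hypothetical, it assumes PowerShell 2.0 or later, and it does not test whether the security update is installed.

```powershell
# Added example: report whether the current user session matches the
# exposure conditions from the article. Names below are hypothetical.

# P/Invoke wrapper around the documented DWM API DwmIsCompositionEnabled.
Add-Type -Namespace AeroCheck -Name Dwm -MemberDefinition @'
[DllImport("dwmapi.dll")]
public static extern int DwmIsCompositionEnabled(out bool enabled);
'@

function Test-DesktopComposition {
    # Returns $true when desktop composition (Aero) is active in this session.
    $enabled = $false
    try {
        $hr = [AeroCheck.Dwm]::DwmIsCompositionEnabled([ref]$enabled)
        return ($hr -eq 0 -and $enabled)
    } catch {
        # dwmapi.dll missing or DWM unavailable: composition is not active.
        return $false
    }
}

function Get-AeroExposure {
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $is61 = $os.Version -like '6.1.*'        # Windows 7 / Server 2008 R2
    $is64 = $os.OSArchitecture -match '64'   # 64-bit editions, incl. Itanium
    $aero = Test-DesktopComposition

    # New-Object is used instead of [pscustomobject] to stay PowerShell 2.0 compatible.
    New-Object PSObject -Property @{
        Computer         = $env:COMPUTERNAME
        User             = $env:USERNAME
        OSVersion        = $os.Version
        AffectedPlatform = ($is61 -and $is64)
        AeroInUse        = $aero
        # True only when every condition named in the article is met.
        WorkaroundNeeded = ($is61 -and $is64 -and $aero)
    }
}

Get-AeroExposure
```

Run it in each user's interactive session (for example from a logon script), since the composition state belongs to the session rather than to the machine.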

The security advisory and the blog post announcing the security vulnerability contain additional information.

Update: The 64-bit vulnerability has been patched. Windows users who have downloaded all recent security patches for their operating system, or installed the first Service Pack for it, are safe from the exploit. Users who have disabled the Aero theme because of the exploit can turn it back on. This is done by following the same steps outlined above.




About the Author: Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.

Wednesday May 19, 2010

