Windows 7 64-bit And Windows Server 2008 R2 Vulnerability Emerges

Martin Brinkmann
May 19, 2010
Updated • Jun 11, 2014
Security, Windows 7

The Microsoft Security Response team published a security advisory yesterday. The team is investigating a publicly reported vulnerability that affects 64-bit editions of Windows 7 and Windows Server 2008 R2, as well as Windows Server 2008 R2 for Itanium systems.

The vulnerability was discovered in the Windows Canonical Display Driver (cdd.dll), which is used by "desktop composition to blend the Windows Graphics Device Interface (GDI) and DirectX drawing".

The vulnerability received a preliminary Exploitability Index rating of 3:

Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.


The vulnerability only affects Windows systems with the Windows Aero theme installed and in use. Windows Aero is not the default theme in Windows Server 2008 R2.

Microsoft's suggested action is to disable the Windows Aero theme until a security patch for the vulnerability is released.

To disable Windows Aero by changing the theme, perform the following steps for each user on a system:
Click Start, select the Control Panel, and then click on Appearance and Personalization.
Under the Personalization category, click on Change the Theme.
Scroll to the bottom of the listed themes and select one of the available Basic and High Contrast Themes.
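
A scripted check for the condition described above, as an added example that is not from the advisory or the original article: it reports whether the current session is a 64-bit Windows 7 / Server 2008 R2 system with desktop composition (Aero) active. The function name Test-AeroExposure and the Audit.Dwm wrapper type are assumptions made for this example, and the script does not check patch state.

```powershell
# Added example. Test-AeroExposure and Audit.Dwm are hypothetical names.
# Wrap the documented dwmapi.dll export so PowerShell can call it.
Add-Type -Namespace Audit -Name Dwm -MemberDefinition @'
[DllImport("dwmapi.dll")]
public static extern int DwmIsCompositionEnabled(out bool enabled);
'@

function Test-AeroExposure {
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Windows 7 and Windows Server 2008 R2 both report version 6.1.x.
    $isAffectedRelease = $os.Version -like '6.1.*'

    # A 32-bit PowerShell on a 64-bit OS sees the real architecture in
    # PROCESSOR_ARCHITEW6432. AMD64 = x64, IA64 = Itanium.
    $arch = $env:PROCESSOR_ARCHITEW6432
    if (-not $arch) { $arch = $env:PROCESSOR_ARCHITECTURE }
    $is64Bit = @('AMD64', 'IA64') -contains $arch

    # Desktop composition is on while an Aero theme is active in this
    # session; Basic and High Contrast themes turn it off.
    $composition = $false
    try {
        $hr = [Audit.Dwm]::DwmIsCompositionEnabled([ref]$composition)
        if ($hr -ne 0) { $composition = $false }   # non-zero HRESULT: treat as off
    } catch {
        $composition = $false                      # dwmapi.dll not present
    }

    New-Object PSObject -Property @{
        Computer              = $env:COMPUTERNAME
        User                  = $env:USERNAME
        OSVersion             = $os.Version
        Architecture          = $arch
        CompositionEnabled    = $composition
        AffectedConfiguration = ($isAffectedRelease -and $is64Bit -and $composition)
    }
}

Test-AeroExposure | Format-List
```

The composition state is per session, so the check has to run in each user's interactive logon, matching the per-user nature of the theme change.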

The security advisory and the blog post announcing the security vulnerability contain additional information.

Update: The 64-bit vulnerability has been patched. Windows users who have downloaded all recent security patches for their operating system, or installed the first Service Pack for it, are safe from the exploit. Users who have disabled the Aero theme because of the exploit can turn it back on. This is done by following the same steps outlined above.

