The Microsoft Security Response team published a security advisory yesterday. The team is investigating a publicly reported vulnerability that affects 64-bit editions of Windows 7 and Windows Server 2008 R2, as well as Windows Server 2008 R2 for Itanium-based systems.
The vulnerability was discovered in the Windows Canonical Display Driver (cdd.dll), which is used by "desktop composition to blend the Windows Graphics Device Interface (GDI) and DirectX drawing".
The vulnerability received a preliminary Exploitability Index rating of 3:
Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
The vulnerability only affects Windows systems that have the Windows Aero theme installed and in use. Windows Aero is not the default theme in Windows Server 2008 R2.
Microsoft's suggested action is to disable the Windows Aero theme until a security patch for the vulnerability is released.
To disable Windows Aero by changing the theme, perform the following steps for each user on a system:
1. Click Start, select the Control Panel, and then click on Appearance and Personalization.
2. Under the Personalization category, click on Change the Theme.
3. Scroll to the bottom of the listed themes and select one of the available Basic and High Contrast Themes.
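Because the theme is set per user, it helps to confirm in each session whether desktop composition (Aero) is still active. The following PowerShell check is an added example, not part of Microsoft's advisory or the original article; the function name Test-AeroExposure and the AeroCheck namespace are made up for illustration, and the script does not verify patch level.

```powershell
# Added example: reports whether the current user session matches the exposure
# conditions named in the article (64-bit or Itanium, Windows 7 / Server 2008 R2,
# Aero in use). It does NOT check whether the security update is installed.

# DwmIsCompositionEnabled is the documented dwmapi.dll call that reports whether
# desktop composition is active for the calling session.
Add-Type -Namespace AeroCheck -Name Dwm -MemberDefinition @'
[DllImport("dwmapi.dll")]
public static extern int DwmIsCompositionEnabled(out bool enabled);
'@

function Test-AeroExposure {
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # 6.1 is the version number shared by Windows 7 and Windows Server 2008 R2.
    $affectedVersion = $os.Version -like '6.1.*'

    # PROCESSOR_ARCHITEW6432 is only set for a 32-bit process on a 64-bit OS,
    # so prefer it when present to get the real OS architecture.
    $arch = if ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 }
            else { $env:PROCESSOR_ARCHITECTURE }
    $affectedArch = @('AMD64', 'IA64') -contains $arch

    # Composition is per session: run this as the logged-on user being checked.
    $composition = $false
    try {
        $hr = [AeroCheck.Dwm]::DwmIsCompositionEnabled([ref]$composition)
        if ($hr -ne 0) { $composition = $false }   # non-zero HRESULT: treat as off
    } catch {
        $composition = $false   # dwmapi.dll not available, so Aero cannot be in use
    }

    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        User               = $env:USERNAME
        OSCaption          = $os.Caption
        AffectedVersion    = $affectedVersion
        AffectedArch       = $affectedArch
        CompositionEnabled = $composition
        # True only when every condition from the article holds for this session.
        WorkaroundNeeded   = ($affectedVersion -and $affectedArch -and $composition)
    }
}

Test-AeroExposure | Format-List
```

A session where WorkaroundNeeded is True still has Aero active on an affected platform and should be switched to a Basic or High Contrast theme until the update is installed.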
The security advisory and the blog post announcing the security vulnerability contain additional information.
Update: The 64-bit vulnerability has been patched. Windows users who have downloaded all recent security patches for their operating system, or installed the first Service Pack for it, are safe from the exploit. Users who have disabled the Aero theme because of the exploit can turn it back on. This is done by following the same steps outlined above.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.