Microsoft warns of Windows 7 graphics flaw
By Barry Collins
Posted on 19 May 2010 at 09:17
A flaw with the graphics driver in Windows 7 could compromise the stability and security of PCs, Microsoft has warned.
The vulnerability lies in the Windows Canonical Display Driver (cdd.dll) for the 64-bit versions of Windows 7 and Windows Server 2008 R2.
"If exploited, it would likely cause the affected system to stop responding and restart," Jerry Bryant, group manager of response communications warns on the Microsoft Security Response Center blog. "Code execution, while possible in theory, would be very difficult due to memory randomisation, both in kernel memory and via Address Space Layout Randomisation (ASLR)."
Top five stories on PC Pro
Microsoft claims that the vulnerability only affects machines running the Aero graphics interface, and advises that customers "may choose to disable Windows Aero as a workaround to protect against potential threats" until the company releases a fix.
That said, Microsoft claims that the chances of the flaw being exploited in the wild are low, and have awarded the bug the lowest possible score on its Exploitability Index.
Further details of the flaw can be found in Microsoft's security advisory.
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
- Ransomware that's better made than antivirus software