It would appear that the 64-bit version of Windows 7 could have a potentially serious security risk when it comes to the graphics displayed used to control the fancy Aero desktop graphics. The hole could potentially allow either for the system to crash or allow someone to remotely control the computer.
The weakness has been traced to the Windows Canonical Display Driver (cdd.dll) which is responsible for the Aero graphic effects and affects both Windows 7, Windows Server 2008 R@ and Itanium-based Windows Server 2008 R2. Microsoft is apparently working on a patch for the hole.
The weakness can be exploited by sending a victim a malicious image file with an affected application. The victim can also be affected if they visit a website hosting such a malicious image. In an advisory issued by Microsoft they have this to say about the security hole.
“Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely, due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart,” the advisory said. “We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.”
Secunia rates the vulnerability as being less critical.
Related posts:
- Microsoft Security Essentials: One more thing Microsoft gets right.
- About that report regarding the virus getting by most security software….
- Microsoft Security Essentials to ship September 29
- Well color me pink – Microsoft Security Essential considered one of the best
- Microsoft releases their Security Intelligence Report Vol. 8
