Microsoft warns of Windows 7 graphics flaw

Driver glitch could lead to remote code execution on Windows 7 PCs, Microsoft warns

Barry Collins
19 May 2010

A flaw with the graphics driver in Windows 7 could compromise the stability and security of PCs, Microsoft has warned.

The vulnerability lies in the Windows Canonical Display Driver (cdd.dll) for the 64-bit versions of Windows 7 and Windows Server 2008 R2.

"If exploited, it would likely cause the affected system to stop responding and restart," Jerry Bryant, group manager of response communications, warns on the Microsoft Security Response Center blog. "Code execution, while possible in theory, would be very difficult due to memory randomisation, both in kernel memory and via Address Space Layout Randomisation (ASLR)."

Microsoft claims that the vulnerability only affects machines running the Aero graphics interface, and advises that customers "may choose to disable Windows Aero as a workaround to protect against potential threats" until the company releases a fix.

That said, Microsoft claims that the chances of the flaw being exploited in the wild are low, and has awarded the bug the lowest possible score on its Exploitability Index.

Further details of the flaw can be found in Microsoft's security advisory.
