
Well, it looks like someone has found a serious security vulnerability in Bill Gates’s latest money-milking operating system, Windows 7. Users may be exposed to code execution and denial-of-service attacks, Microsoft warned in an advisory issued on Tuesday.
The threat, which was openly discussed ahead of Microsoft’s advisory, only affects the latest Windows 7 and Windows Server 2008 R2, though Microsoft denied that there had been any attempted attacks exploiting this flaw.
This issue was found in the Canonical Display Driver (cdd.dll), which is used by Windows 7 to unify the Windows Graphics Device Interface (GDI) and DirectX drawing.
MSRC blog:
Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR). Additionally, this vulnerability only affects Windows systems if they have the Aero theme installed; Aero is not switched on by default in Windows Server 2008 R2, nor does 2008 R2 include Aero-capable graphics drivers by default.
Microsoft believes that, in a case where the attacker successfully exploited this vulnerability, the affected system would stop responding and automatically restart. The Windows 7 teams are now standing by to process the patches needed once investigations are complete.
So I guess this is a good time to disable that Windows Aero Theme, huh?