News Stay informed about the latest enterprise technology news and product updates.

Microsoft issues advisory for Windows display driver flaw

Microsoft said a vulnerability in the Windows Canonical Display Driver affects users of Windows 7, but poses little serious threat.

Microsoft has issued a security advisory, Tuesday, warning users of a publicly reported vulnerability in the Windows...

Canonical Display Driver, a Windows component used to handle graphics and DirectX drawing in games and other software programs.

We've deduced so far that reliable exploit code is unlikely.
Jerry Bryant
group manager, response communicationsMicrosoft

The vulnerability affects Windows 7 and Windows Server 2008 systems. So far, the biggest risk posed by the vulnerability is a potential to cause a system to crash and restart, Microsoft said.

"We've deduced so far that reliable exploit code is unlikely," wrote Jerry Bryant group manager of Microsoft response communications in the Microsoft Security Response Center Blog. "We're currently developing a security update for Windows that will address the vulnerability."

Microsoft engineers called successful exploitation of the display driver error tricky and said it cannot be exploited remotely. An attacker would need to write executable content to a specific space in kernel memory. Address Space Layout Randomization (ASLR), a security feature enabled by default in Windows Vista, Windows Server 2008 and Windows 7, makes a successful exploitation even more difficult.

The engineers were able to successfully exploit the flaw locally on a Windows 7 64-bit computer with the Aero Glass theme enabled. They warned that there is potential for an attacker to exploit the vulnerability using a malicious image with a third-party image viewer.

As a workaround, Microsoft recommends temporarily disabling the Aero Glass theme. ~ Robert Westervelt

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.