Windows 7 64-bit and Windows Server 2008 R2 are Vulnerable to Attack

windows-7-ultimate-edition ws2008_r2

Microsoft has warned that the 64-bit version of Windows 7,Windows Server 2008 R2 for x64-based Systems**,Windows Server 2008 R2 for Itanium-based System are vulnerable to remote code execution.

Microsoft is investigating a new public report of a vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.

Microsoft said it is not aware of any attempts to exploit the vulnerability thus far, but said it will take "appropriate action" which may include providing a security update through its  monthly release process or providing an out-of-cycle security update.

The flaw lies in the Canonical Display Driver, which blends the Windows graphics device interface and DirectX drawing.

The vulnerability affects Windows 7 x64, Windows Server 2008 R2 x64, and Windows Server 2008 R2 for Itanium systems, but only if they have the Aero theme installed.

Aero is not switched on by default in Windows Server 2008 R2, nor does 2008 R2 include Aero-capable graphics drivers by default.

A workaround is to disable Windows Aero, which blocks the path by which cdd.dll can be exploited.

Affected Software:-

  • Windows 7 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems**
  • Windows Server 2008 R2 for Itanium-based Systems

Although Windows 7 is most secured operating system in windows series till date but loop holes always do exist.Have you ever faced or find out any security issue or loop hole in Windows 7 ?

via : Microsoft,Thinq

Dear Readers:
I writes free technical tips and tutorial to helps thousands of readers.Bearing the running costs of blog has become really difficult.To help us go forward and grow, a small contribution from your side will highly be appreciated.

blog comments powered by Disqus