Microsoft has warned that the 64-bit version of Windows 7, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems are vulnerable to remote code execution.
Microsoft is investigating a new public report of a vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
Microsoft said it is not aware of any attempts to exploit the vulnerability thus far, but said it will take "appropriate action" which may include providing a security update through its monthly release process or providing an out-of-cycle security update.
The flaw lies in the Canonical Display Driver, which blends the Windows graphics device interface and DirectX drawing.
The vulnerability affects Windows 7 x64, Windows Server 2008 R2 x64, and Windows Server 2008 R2 for Itanium systems, but only if they have the Aero theme installed.
Aero is not switched on by default in Windows Server 2008 R2, nor does 2008 R2 include Aero-capable graphics drivers by default.
A workaround is to disable Windows Aero, which blocks the path by which cdd.dll can be exploited.
Affected Software:
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
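A host-side check for the conditions described above, added here as an example and not taken from Microsoft's advisory: it reports whether a machine runs a 64-bit Windows 6.1 build (Windows 7 or Server 2008 R2) and whether desktop composition is on in the current session. The function name `Test-CddExposure` is hypothetical, and treating DWM composition state as "Aero enabled" is an assumption.

```powershell
# Added example (not from the advisory). Targets PowerShell 2.0, which ships
# with Windows 7 and Server 2008 R2. Run it in the interactive desktop session:
# DWM composition is reported per session.

# P/Invoke wrapper for the documented dwmapi.dll export.
Add-Type -Namespace Audit -Name Dwm -MemberDefinition @'
[DllImport("dwmapi.dll")]
public static extern int DwmIsCompositionEnabled(out bool enabled);
'@

function Test-CddExposure {   # hypothetical name
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $cpu = Get-WmiObject -Class Win32_Processor | Select-Object -First 1

    # Windows 7 and Server 2008 R2 both report version 6.1.x.
    $affectedOs = $os.Version -like '6.1.*'

    # Win32_Processor.Architecture: 9 = x64, 6 = Itanium. A 64-bit CPU can
    # still run a 32-bit OS, so the OS architecture is checked as well.
    $affectedArch = (@(6, 9) -contains $cpu.Architecture) -and
                    ($os.OSArchitecture -like '64*')

    # Assumption: Aero is active when DWM composition is enabled.
    $composition = $false
    try {
        $hr = [Audit.Dwm]::DwmIsCompositionEnabled([ref]$composition)
        if ($hr -ne 0) { $composition = $false }
    } catch {
        # dwmapi.dll absent (for example, no desktop components installed).
        $composition = $false
    }

    New-Object PSObject -Property @{
        Computer        = $env:COMPUTERNAME
        OsCaption       = $os.Caption
        OsVersion       = $os.Version
        AffectedOs      = $affectedOs
        AffectedArch    = $affectedArch
        AeroComposition = $composition
        Exposed         = ($affectedOs -and $affectedArch -and $composition)
    }
}

Test-CddExposure | Format-List
```

A host that reports `Exposed : False` only because `AeroComposition` is `False` becomes exposed again if Aero is switched back on, so the check is worth repeating until a security update is installed.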
Although Windows 7 is the most secure operating system in the Windows series to date, loopholes always exist. Have you ever faced or found any security issue or loophole in Windows 7?