Windows Aero flaw in 64-bit Windows 7 and Server 2008 R2

[clifford_cooley]

Microsoft yesterday released a Security Advisory warning users of a fatal flaw in a base driver essential to the operation of the 64-bit editions of Windows 7 and Windows Server 2008 R2.

Dubbed the “Canonical Display Driver,” the driver is used to run Aero, the glitzy user interface found in these OSes.

“The Canonical Display Driver is used by desktop composition to blend the Windows Graphics Device Interface (GDI) and DirectX drawing… If exploited, it would likely cause the affected system to stop responding and restart,” said Microsoft’s Jerry Bryant in a blog update.

“Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR). Additionally, this vulnerability only affects Windows systems if they have the Aero theme installed; Aero is not switched on by default in Windows Server 2008 R2, nor does 2008 R2 include Aero-capable graphics drivers by default.”

Bryant went on to indicate that flaw probably isn’t a big deal, noting that Microsoft has awarded it a vulnerability rating of 3, lowest on the exploit scale. Further, there don’t seem to be any public exploits that target this particular flaw.

For now, if you are concerned with this breach, disable Windows Aero and wait for Microsoft to release a patch, likely arriving on June 8.

Source link - http://tech.icrontic.com/news/windows-aero-flaw-in-64-bit-windows-7-and-server-2008-r2/

 

[catilley1092]

Glad you noticed better than I did. I was reading through some articles earlier, and seen something about "Canonical Display Driver". But I passed by reading about it, thinking it was something about Canon products, I get my share of reading about them, here on the forum. This could potentially affect a lot of users, but is apparently being played down by Microsoft. Unless I hear of a outbreak of problems with this, I'm leaving my Aero screen on.

 

[Fire cat]

Thanks for sharing Niburu.
I won't be affected because I use 32bit, but some of my friends will come crying to me when their computer crashes

By the way, why does Windows Server have aero? It's a server, not a everyday use computer, right?

Cheers,
Fire Cat

 

[clifford_cooley]

Thanks for sharing Niburu.

:lol:

 

[Nibiru2012]

Well, I was gonna share but C_C beat me to the punch. As long a everyone is aware of this is the important thing.

Just about every Windows news reporting site has an article about this latest hiccup from MS.

Peculiar how it just affects Windows 7 and Server 2008 R2 in only the x64 versions.

 

[Veedaz]

Thanks for the info C_C :top:

 

[Fire cat]

By the way Clifford, sorry.
I am a bit messed up at the moment...
And I was reading a post by Niburu just before.

So, Thanks Clifford for sharing

 

[Jeffreyobrien]

Thanks for sharing Niburu.
I won't be affected because I use 32bit, but some of my friends will come crying to me when their computer crashes

By the way, why does Windows Server have aero? It's a server, not a everyday use computer, right?

Cheers,
Fire Cat

Fire Cat some company servers with over 50-100 systems in our production domain,have many users that require the use of such software as Aero as for Server 2008 R2 & Aero Glass we are running a few custom systems that do run server 2008 RC & as for software requirements they get used by users daily who do run Aero Glass.I hope this helps.
regards
jeffreyobrien.

​