A new flaw found in 64 bit versions of Windows 7 and Windows Server 2008 R2 could leave users vulnerable to malware attacks, Microsoft has warned.
The vulnerability in the Windows Canonical Display Driver used to bring together Windows Graphics Device Interface (GDI) and DirectX drawing could allow for malware to infiltrate systems, stopping it responding and forcing it to restart.
Microsoft has played down the bug though, claiming it is very difficult to trigger.
Jerry Bryant, group manager of Response Communications at Microsoft's Security Response Centre (MSRC), wrote on his blog: "Code execution, while possible in theory, would be very difficult due to memory randomisation both in kernel memory and via Address Space Layout Randomisation (ASLR)."
"Additionally, this vulnerability only affects Windows systems if they have the Aero theme installed; Aero is not switched on by default in Windows Server 2008 R2, nor does 2008 R2 include Aero-capable graphics drivers by default."
This has led the company to only rate the bug as a three on the exploitability index, meaning "reliable exploit code is unlikely."
Bryant said his team is working on a fix to address the vulnerability and until then users of the systems are advised to disable the Aero theme if it is running and keep their machines updated.
