Security flaw hits Windows 7 graphics


A new flaw found in 64-bit versions of Windows 7 and Windows Server 2008 R2 could leave users vulnerable to malware attacks, Microsoft has warned.

The vulnerability lies in the Windows Canonical Display Driver, which is used to bring together Windows Graphics Device Interface (GDI) and DirectX drawing. It could allow malware to infiltrate a system, causing it to stop responding and forcing it to restart.

Microsoft has played down the bug though, claiming it is very difficult to trigger.

Jerry Bryant, group manager of Response Communications at Microsoft's Security Response Centre (MSRC), wrote on his blog: "Code execution, while possible in theory, would be very difficult due to memory randomisation both in kernel memory and via Address Space Layout Randomisation (ASLR)."

"Additionally, this vulnerability only affects Windows systems if they have the Aero theme installed; Aero is not switched on by default in Windows Server 2008 R2, nor does 2008 R2 include Aero-capable graphics drivers by default."

This has led the company to only rate the bug as a three on the exploitability index, meaning "reliable exploit code is unlikely."

Bryant said his team is working on a fix to address the vulnerability. Until then, users of the affected systems are advised to disable the Aero theme if it is running and to keep their machines updated.

Jennifer Scott
