Microsoft confirms new 64-bit Windows 7 vulnerability

Microsoft said on Tuesday that it is investigating a publicly reported vulnerability in the Windows Canonical Display Driver (cdd.dll) affecting 64-bit versions of Windows 7 and Windows Server 2008 R2.

The flaw resides in the Canonical Display Driver, which desktop composition uses to blend Windows Graphics Device Interface (GDI) and DirectX drawing. The issue affects Windows 7 x64, Windows Server 2008 R2 x64, and Windows Server 2008 R2 for Itanium systems. The vulnerability could possibly allow code execution, although successful code execution is unlikely due to memory randomization. If a malicious user were able to exploit the flaw, it would "likely cause the affected system to stop responding and restart," according to a Microsoft spokesperson.

The flaw only affects systems running Windows Aero, which is disabled by default on Windows Server 2008 R2. "We’re currently developing a security update for Windows that will address the vulnerability," said Jerry Bryant, Manager of Response Communications at Microsoft. Bryant also advised that Windows 7 users could disable Windows Aero as a workaround to protect against potential threats.

Microsoft has issued a Security Advisory with full information on the vulnerability. According to security researchers Secunia, the flaw was originally discovered in April 2009 on an IrfanView forum. Secunia is rating the issue as "less critical".


61 Comments


6205 said,
Truth is that this vulnerability is in framework for handling security certificates and responsible person for this "Windows Canonical Display Driver" is current Canonical CEO Mark S., founder of Ubuntu. IMO it's very lame attempt to fix Ubuntu's bug #1. Windows rules
I see what ya did there.

yep, also using Win 7 128bit edition here, i mean come on people, you still use less than 16 exabytes of ram? is that even enough for emails? not even talking about browsing the web or msn conversations...

BanneD said,
yep, also using Win 7 128bit edition here, i mean come on people, you still use less than 16 exabytes of ram? is that even enough for emails? not even talking about browsing the web or msn conversations...

Someone above already said that joke and it was funnier. -1

Tim Dawg said,
What? You're joking right?

Yeah, it seems like it is only "Windows Server 2008 R2 for Itanium systems". Of course, it isn't too clear. And I'm not that knowledgeable.

Edited by LaserWraith, May 20 2010, 9:18pm :

Itanium only? I'm sorry how is that even news? I mean, seriously, next thing you'll start publishing OS/2 related material.

Breach said,
Itanium only? I'm sorry how is that even news? I mean, seriously, next thing you'll start publishing OS/2 related material.
What? Another one? I thought the other guy was joking but now the second person who thinks it's Itanium only? Scary....

Tim Dawg said,
What? Another one? I thought the other guy was joking but now the second person who thinks it's Itanium only? Scary....

Didn't see the x64 in the article...

there is no 128 bit edition of windows unless you can point us to a valid link to it, otherwise I don't believe you and the aero display vulnerability is not a big deal as with 64bit editions have extra defenses that 32bit does not have but even on 32bit aero is always best to keep on for more performance.

soldier1st said,
there is no 128 bit edition of windows unless you can point us to a valid link to it, otherwise I don't believe you and the aero display vulnerability is not a big deal as with 64bit editions have extra defenses that 32bit does not have but even on 32bit aero is always best to keep on for more performance.

Someone should also point out that there is no Windows 7 Ultimate from the Future 4096-bit edition...

Tim Dawg said,
Yes that's right. The 128-bit thing is a joke. I'm amazed at how many people took that seriously.
It's no laughing matter that people were conned into getting Win 7 64 when there is a 128bit version was available!!!?! jk

Edited by duneworld, May 20 2010, 1:04pm :

Why was the forum thread closed when it was posted before it appeared on the front page?

Lazure said,
Oh great, just what we need. a scary post that makes more idiots disable aero and use the ugly 1995 theme.

I hate that MS keeps that stupid outdated crap around even today.


MS doesn't really get a choice in the matter. Hardware makers still make crappy hardware. Netbooks for example.

randomevent said,

MS doesn't really get a choice in the matter. Hardware makers still make crappy hardware. Netbooks for example.

Of course Microsoft has a choice. They can go Apple's way and approve/limit the hardware running Windows (like they have decided with WP7).

Edited by ilev, May 20 2010, 7:41am :

ilev said,

Of course Microsoft has a choice. They can go Apple's way and approve/limit the hardware running Windows (like they have decided with WP7).

Are you kidding? If they did anything of the sort they'd have regulatory bodies ready to break down the doors screaming anti-trust at them.

ilev said,

Of course Microsoft has a choice. They can go Apple's way and approve/limit the hardware running Windows (like they have decided with WP7).

OMG... all this world needs is another Apple.... /s

Athernar said,

Are you kidding? If they did anything of the sort they'd have regulatory bodies ready to break down the doors screaming anti-trust at them.

+1

ilev said,

Of course Microsoft has a choice. They can go Apple's way and approve/limit the hardware running Windows (like they have decided with WP7).


I wouldn't mind if they started to do this on future Windows editions, but I'm glad they haven't now. Still, the more Microsoft limits its platform the more people wander off to new OSes in disappointment. Even right now you see netbooks splintering off with Linux, Chrome OS, later WebOS, and so on as Win7 isn't really necessary on em.

We'll see if MS does or not. I can see wanting to keep their broad consumer base, but IMO it's only weakening the platform itself.

Hopefully MS never copies Apple... They have enough issues already without trying to force people to use only 'approved' hardware. Ironic considering almost all of Apple's systems run on Intel..
