Microsoft said on Tuesday that it is investigating a publicly reported vulnerability in the Windows Canonical Display Driver (cdd.dll) affecting 64-bit versions of Windows 7 and Windows Server 2008 R2.
The flaw resides in the Canonical Display Driver, which desktop composition uses to blend Windows Graphics Device Interface (GDI) and DirectX drawing. The issue affects Windows 7 x64, Windows Server 2008 R2 x64, and Windows Server 2008 R2 for Itanium-based systems. The vulnerability could in theory allow code execution, although successful code execution is unlikely because of memory randomization. If a malicious user were able to exploit the flaw, it would "likely cause the affected system to stop responding and restart", according to a Microsoft spokesperson.
The flaw only affects systems running Windows Aero, which is disabled by default on Windows Server 2008 R2. "We’re currently developing a security update for Windows that will address the vulnerability", said Jerry Bryant, Manager of Response Communications at Microsoft. Bryant also advised that Windows 7 users could disable Windows Aero as a workaround to protect against potential threats.
Microsoft has issued a Security Advisory with full information on the vulnerability. According to security researchers at Secunia, the flaw was originally discovered in April 2009 on an IrfanView forum. Secunia rates the issue as "less critical".