Microsoft Warns of Win 7 Graphics Security Hole

Source: Tom's Hardware US

Turn off Aero for safety.

A newly disclosed Windows 7 graphics flaw could leave users of the 64-bit OS open to non-responsive systems, restarts and unauthorized code execution.

Microsoft detailed in Security Advisory 2028859 that the vulnerability lies in the Canonical Display Driver (cdd.dll), which desktop composition uses to blend Windows Graphics Device Interface (GDI) and DirectX drawing. It affects Windows 7 x64, Windows Server 2008 R2 x64, and Windows Server 2008 R2 for Itanium systems.

Microsoft says that there isn't a big worry because code execution would be "very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR)." Still, those who are worried about security can simply disable Aero visual effects to keep this security flaw at bay until Microsoft issues a fix.

Comments
  • 24
    joytech22, May 20, 2010 11:18 AM
    Not unexpected, Windows has always been the vulnerable OS because of its dominance, careful users and those with proper security software/settings should be fine :)
  • 11
    huron, May 20, 2010 11:34 AM
    Agreed...there are numerous bugs, especially since Microsoft has looked to play with most hardware and software and as stated are the big player in the market (particularly business).

    I don't think we'll ever get to perfectly secure coding, so bugs/security holes will continue to exist.
  • 3
    dalta centauri, May 20, 2010 11:44 AM
    Great, so we don't have a worry. I just thought the title meant something completely different.
  • -3
    randomizer, May 20, 2010 11:56 AM
    Quote:
    Not unexpected, Windows has always been the vulnerable OS because of its dominance, careful users and those with proper security software/settings should be fine :)

    Dominance makes an OS vulnerable to attack, but it doesn't contribute to vulnerabilities in the design. That's just a development fault which needs to be corrected.
  • 13
    matt314, May 20, 2010 1:16 PM
    Quote (randomizer):
    Dominance makes an OS vulnerable to attack, but it doesn't contribute to vulnerabilities in the design. That's just a development fault which needs to be corrected.

    All software has vulnerabilities. While some argue that the Unix platform is inherently more secure, Windows' dominance makes it much more apt to be carefully dissected for vulnerabilities. It is widely known that m$ has the best security policies, period.
  • 1
    theuerkorn, May 20, 2010 1:18 PM
    Quote:
    ...64-bit OS to experience non-responsive systems, restarts and unauthorized code execution...

    Of those, the non-responsive system has been bugging me for a while. Really thought it was due to the ATI driver, but it appears that it's with MS. Especially since the new architecture is said to prevent exactly that. Hmph.
  • 10
    scott_madison1, May 20, 2010 1:51 PM
    Every OS has its flaws. There is positively absolutely no way to make any piece of software 100 percent safe! Honestly I've been running win 7 64 bit since last year and I'm very impressed. My video driver crashes on occasion and 7 almost always gets it back up and going without crashing. Can't say the same for XP!
  • 6
    pocketdrummer, May 20, 2010 2:00 PM
    Quote (randomizer):
    Dominance makes an OS vulnerable to attack, but it doesn't contribute to vulnerabilities in the design. That's just a development fault which needs to be corrected.

    Linux, Unix, and OS X aren't foolproof. In fact, it could be argued that they are much less secure than Win7 (if you know what you're doing). Design isn't necessarily an issue when you have more attackers than you have employees. The fact that this issue WILL be fixed soon just shows their level of commitment.

    Besides, no amount of programming can stop an individual from giving out their passwords to whatever "official" e-mail that asks. Human error is the largest security hole, and that will NEVER be patched.
  • 20
    pocketdrummer, May 20, 2010 2:08 PM
    Quote:
    dextermat-1 MS Wasn't there a similar case happened with windows xp and .jpg... They just never learn: Fix a security hole with one OS but not in the new one. Stop spending money on advertisement and put some in developing better software Ms retarded..

    That's right! Write thousands of lines of new code without encountering any bugs or errors! I'm not a programmer and I know everything! -_-
  • 4
    coldmast, May 20, 2010 2:11 PM
    Well, when's the patch?
  • 4
    nukemaster, May 20, 2010 2:11 PM
    Quote:
    dextermat-1 MS Wasn't there a similar case happened with windows xp and .jpg... They just never learn: Fix a security hole with one OS but not in the new one. Stop spending money on advertisement and put some in developing better software Ms retarded..

    Aero and a jpeg load exploit are 2 very different things.

    So far I have not had any such crashes. If it starts getting to be an issue for many users I may disable aero, but other than that, it's hard to go back to a non v-sync/hardware accelerated desktop.
  • 0
    neiroatopelcc, May 20, 2010 2:28 PM
    Quote (nukemaster):
    Aero and a jpeg load exploit are 2 very different things. So far I have not had any such crashes. If it starts getting to be an issue for many users I may disable aero, but other than that, it's hard to go back to a non v-sync/hardware accelerated desktop.

    I couldn't live without aero anymore. I've grown so used to it, that disabling it makes me feel like I'm back on windows antique. Even on my 2008 r2 system I installed the 'desktop experience' feature so it didn't feel like an old system. And I barely even need to use it, as it only runs homepage and gateway services.
  • 1
    superblahman123, May 20, 2010 2:44 PM
    Quote (joytech22):
    Not unexpected, Windows has always been the vulnerable OS because of its dominance, careful users and those with proper security software/settings should be fine

    I agree partially, Windows is the big target because of its dominance, but it's also a big target when it advertises unfixed security holes in their OS.

    The first step to fixing a problem is acknowledging the problem, but you'd think that you'd be a little more subtle about it rather than make it public news. I could guarantee that Apple would die if their security issues were published like this.
  • 0
    waylander, May 20, 2010 2:48 PM
    I just love MS haters... try to imagine where we would be in computing if there had been no MS... Don't try to bring up the other OS's because THEY wouldn't be here except for MS either.

    As aggravating as it is sometimes to encounter a bug, it's nice to know that MS is still LOOKING for bugs and giving us updates instead of ignoring them or not telling us at all.
  • -4
    Anonymous, May 20, 2010 3:36 PM
    Listen to everyone excusing MS for such a security snafu! Oh, I'll play it safe and turn off Aero.....

    Should I disable Compiz on my Ubuntu box to make you all feel better?

    Not a chance!