Microsoft Warned About Bug in Windows 7 Version 64-bit
Microsoft warned users of the vulnerability in Windows 7 64-bit versions of Windows Server 2008 R2 that can be used to hijack the system. The bug exists in the Windows Display Driver Canonical, which combines the main interface graphical operating system, called the Graphics Device Interface (GDI) and DirectX to arrange the desktop.
According to Jerry Bryant, a group manager with Microsoft Security Response Center (MSRC), the vulnerability affects every machine with a flashy interface, that is Aero, which is the default setting at all and also the most expensive features in Windows 7. Aero is a feature that can optionally be installed on Windows Server 2008 R2.
“If exploited, it is likely to cause the system to stop responding and will restart,” Bryant said in an entry in the MSRC blog. “Code execution, while possible in theory, it is very difficult due to randomization in both memory and kernel memory through the Address Space Layout Randomization (ASLR).”
However, ASLR, one of the fortress defense and security of Windows 7 and Vista, has repeatedly bypassed by the investigators, including two who won a prize money of $ 10,000 in hacking contest in March Pwn2Own ago.
Microsoft parties give ratings for this bug for three points, the lowest of the three-step scoring system / valuation is used by the company to predict the possibility of a reliable attack code appears within the next 30 days. According to these scores, Microsoft believes that hackers are not likely to emerge by exploiting bugs in the coming months.
Currently, Microsoft is developing a security update for Windows that will show the vulnerability of the bug. As a temporary solution, users are asked not to activate the Aero features.
The attackers could exploit this vulnerability by deceiving the user to visit a dangerous site that is equipped with a malicious image, Microsoft advisory warns.
To disable Aero, the user can click on Start – Control Panel – then click “Appearance and Personalization”, under the menu “Presentation” then click the “Change Theme” and then select one of the “Basic Themes and High Contrast.”