Microsoft has issued an advisory for a vulnerability in a component of a small number of Windows versions. The company judges the compromise as very difficult to pull off. Theoretically, it could result in remote code execution, but is much more likely to hang and then reboot the system.

Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

The 64-bit versions of Windows 7 and Windows Server 2008 R2, as well as the Itanium version of Windows Server 2008 R2, are vulnerable to an attack against the Canonical Display Driver (cdd.dll), part of the desktop composition components of Windows. The problem is that cdd.dll does not properly parse data copied from user mode to kernel mode. Because of ASLR (address space layout randomization) it would be very difficult to execute remote code using this attack. Microsoft has rated the exploitability of this vulnerability as “3” for “reliable exploit code unlikely.”

No patch is available yet for the issue. Microsoft is studying it and, based on today’s announcement, this would seem to be a low-priority problem. In the meantime, the advisory describes how users can disable Windows Aero, which blocks the problem.

Microsoft released the advisory after the vulnerability was publicly disclosed. They are not aware of any attacks using the vulnerability.