The vulnerability, which only affects Windows 7 and Windows Server 2008 R2, was publicly discussed ahead of Microsoft’s advisory, but the company said there are no reports of attacks attempting to exploit the flaw.
The flaw was found in the Canonical Display Driver (cdd.dll), which is used by desktop composition to blend the Windows Graphics Device Interface (GDI) and DirectX drawing.
More information from the MSRC blog:
Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR). Additionally, this vulnerability only affects Windows systems if they have the Aero theme installed; Aero is not switched on by default in Windows Server 2008 R2, nor does 2008 R2 include Aero-capable graphics drivers by default.
In most scenarios, Microsoft believes it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
The company has activated its security response process and promises a patch once the investigations are complete.
In the meantime, affected Windows 7 or Windows Server 2008 R2 users should consider disabling the Windows Aero theme to prevent the issue from being exploited.
To disable Windows Aero by changing the theme, perform the following steps for each user on a system:
- Click Start, select the Control Panel, and then click on Appearance and Personalization.
- Under the Personalization category, click on Change the Theme.
- Scroll to the bottom of the listed themes and select one of the available Basic and High Contrast Themes.
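A quick way to confirm that the workaround above actually took effect across many users or machines, as an added example that is not part of the article or of Microsoft's guidance: on Windows 7 and Server 2008 R2, selecting a Basic or High Contrast theme turns off desktop composition, so the documented `DwmIsCompositionEnabled` API from `dwmapi.dll` reports whether Aero is still active. The function name `Get-CddExposure` and the output field names are this example's own; it assumes PowerShell 2.0 or later running in an interactive desktop session.

```powershell
# Added example (not from the article): report whether this host is an affected
# OS build (NT 6.1 = Windows 7 / Server 2008 R2) and whether desktop composition,
# i.e. the Aero theme that drives cdd.dll, is currently enabled.

$signature = @'
[DllImport("dwmapi.dll", PreserveSig = true)]
public static extern int DwmIsCompositionEnabled(out bool enabled);
'@
# Compile a small P/Invoke wrapper for the real Win32 API (namespace/type names are ours).
$dwmApi = Add-Type -MemberDefinition $signature -Name 'DwmApi' -Namespace 'CddCheck' -PassThru

function Get-CddExposure {
    $ver = [Environment]::OSVersion.Version
    # Only Windows 7 and Windows Server 2008 R2 (kernel version 6.1) are in scope.
    $inScopeOS = ($ver.Major -eq 6 -and $ver.Minor -eq 1)

    $enabled = $false
    $hr = $dwmApi::DwmIsCompositionEnabled([ref]$enabled)
    if ($hr -ne 0) {
        throw ("DwmIsCompositionEnabled failed, HRESULT 0x{0:X8}" -f $hr)
    }

    # Hashtable-to-object keeps this compatible with PowerShell 2.0 (Windows 7 default).
    New-Object PSObject -Property @{
        OSVersion          = $ver.ToString()
        InScopeOS          = $inScopeOS
        CompositionEnabled = $enabled
        # Workaround is in place when an affected OS has composition (Aero) switched off.
        MitigationApplied  = ($inScopeOS -and -not $enabled)
        # Still exposed when an affected OS is running with Aero enabled.
        Exposed            = ($inScopeOS -and $enabled)
    }
}

Get-CddExposure | Format-List
```

Run it under each user account after applying the theme change, since the theme is a per-user setting and the check reflects the current session only.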