Microsoft warns of unpatched Windows driver flaw

Microsoft on Tuesday disclosed a publicly known vulnerability in its Canonical Display Driver, which is used by the Windows desktop composition feature to blend drawings created in Graphics Device Interface and DirectX.

Systems running Windows 7 64-bit, Server 2008 R2 64-bit and Server 2008 R2 for Itanium are subject to the vulnerability, according to an advisory. 

The flaw can lead to remote code execution, but that is unlikely because reliable exploit code would be difficult to create, Jerry Bryant, group manager of response communications at Microsoft, said in a blog post. Users are more likely to experience an unresponsive system that keeps rebooting.

"Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization," Bryant said. "Additionally, this vulnerability only affects Windows systems if they have the Aero theme installed."

Aero is the graphical user interface installed in most editions of Windows 7 and Vista. However, it is not turned on by default in Server 2008 R2.

For those running systems on which Aero is switched on, users may want to disable it as a workaround, Bryant said.

"With Aero disabled, the path by which cdd.dll (Canonical Display Driver) can be exploited is bypassed," he said.

Microsoft is working on a patch. The software giant's next batch of fixes is due June 8.