Critical security flaw discovered in Windows 7
May 19, 2010
Microsoft warned Windows 7 users yesterday of a critical security flaw in the 64-bit versions of its PC operating system and its Windows Server 2008 R2 that could expose users to malware attacks.
Overall, exploitation of the security hole in the Canonical Display Driver would most likely only cause vulnerable PCs to reboot, Microsoft spokesman Jerry Bryant said in a blog post.
However, it could also be abused to silently install malware and potential viruses, although attackers would first have to bypass memory randomization protections baked in to the operating system to prevent code execution attacks, added Bryant.
The security vulnerability stems from the Canonical Display Driver's failure to properly parse information copied from user mode to kernel mode.
Potential hackers could exploit it by tricking a victim into viewing a booby-trapped image file on a website or in a malicious email.
The driver emulates the Windows XP display driver for interactions with earlier Windows graphics engines.
Bryant said a fix would be forthcoming on a 'Patch Tuesday' event, but didn't say when.
Meantime, Windows 7 users can prevent such attacks by disabling the Windows Aero Theme. To turn it off, choose Start > Control Panel and click on Appearance and Personalization. Then click on Change the Theme.
Then select one of the Basic and High Contrast Themes.
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing