Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Warns of Windows 7 Graphics Flaw

Posted by CmdrTaco on from the leaky-pipes-make-for-wet-basements dept.

Barence writes "A flaw with the graphics driver in Windows 7 could compromise the stability and security of PCs, Microsoft has warned. The vulnerability lies in the Windows Canonical Display Driver (cdd.dll) for the 64-bit versions of Windows 7 and Windows Server 2008 R2. Microsoft claims that the flaw could lead to machines rebooting or even allow a hacker to remotely execute code, although it claims either eventuality is improbable. Concerned users are being advised to disable Windows Aero until Microsoft can issue a fix."

3 of 262 comments (clear)

  1. Re:Servers by gotpaint32 · · Score: 4, Insightful

    Its called Windows 2008 Server Core and Powershell. But theres a time and place for everything, try running terminal services from a box with no GUI, I'm sure your users would be very happy with just greenscreen access.

    --
    Nuclear war would really set back cable. - Ted Turner
  2. Re:GUI is still there for remote desktop and it's by natehoy · · Score: 4, Insightful

    I can see that. Perhaps you are a small business and you don't want to train your network admins on CLI tools, so they use the "easier" (read: "requires less training") GUI rather than the faster CLI. Fair enough, not everyone can afford fully-trained network engineers to manage a few small in-house servers.

    But, seriously, Aero? Even the least experienced network admin doesn't need to enable Aero to administer the server. It's a waste of CPU and memory resources for something that (hopefully) you spend a few minutes a week on. If you insist on using a GUI to administer your servers, fine, but at least make it the simplest GUI you can use to get your job done.

    As GP said, the simpler your interface, the less likely there is to be an exploitable security flaw in it. The more complex you make your remote access capabilities, the more likely it is that someone else can find a vector in to them.

    SFTP/SSH exchanges very little data and has very few possible attack vectors. "Classic" GUI has a few more attack vectors and possible failures and exchanges a lot more data, but it adds simplicity for those not comfy with the CLI, so there's a logical trade-off there.

    Aero adds a lot more traffic, a lot more complexity, a lot more potential vectors for both failure AND attack, and does not make the GUI any more functional for administrative tasks.

    Now, if you're using Server 2008 on your desktop as your daily machine, and you like sexy GUI, OK, I can see Aero being enabled. But there's no reason to enable Aero on an actual server.

    --
    "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
  3. Re:GUI is still there for remote desktop and it's by psbrogna · · Score: 4, Insightful

    While you might not be able to imagine it, those who do know how to perform an administrative task both from a terminal and from a GUI often find that doing it from the terminal is more efficient and more reliable.