Slashdot Mirror


Microsoft Warns of Windows 7 Graphics Flaw

Barence writes "A flaw with the graphics driver in Windows 7 could compromise the stability and security of PCs, Microsoft has warned. The vulnerability lies in the Windows Canonical Display Driver (cdd.dll) for the 64-bit versions of Windows 7 and Windows Server 2008 R2. Microsoft claims that the flaw could lead to machines rebooting or even allow a hacker to remotely execute code, although it claims either eventuality is improbable. Concerned users are being advised to disable Windows Aero until Microsoft can issue a fix."

15 of 262 comments

  1. Servers by sopssa · · Score: 5, Informative

    and Windows Server 2008 R2

    This is why you don't use unnecessary things like Aero (and graphical displays) on servers. Granted Aero isn't enabled by default on Windows Server 2008, but it's still all unnecessary. Servers are meant to be configured and left running with minimal installs. You can do everything you need to from a command line, and sftp for editing those configuration files. When you have a minimalistic install there's also much less chance of some random software having an exploitable bug.

    1. Re:Servers by gotpaint32 · · Score: 4, Insightful

      It's called Windows 2008 Server Core and Powershell. But there's a time and place for everything, try running terminal services from a box with no GUI, I'm sure your users would be very happy with just greenscreen access.

      --
      Nuclear war would really set back cable. - Ted Turner
  2. No way! by Lurchicus · · Score: 5, Funny

    You'll get Aero when you pry it out of my cold dead... damn... it rebooted again!

    --
    Lurchicus - For Sig, see other side.
  3. Oh, sure, fine... by MediaCastleX · · Score: 4, Interesting

    ...This is why I wait to get my tech. I might be on the waning edge of things, but at least I get them when they work.

  4. Worse yet, by Black+Parrot · · Score: 5, Funny

    it might render your porn poorly.

    --
    Sheesh, evil *and* a jerk. -- Jade
  5. I have noticed something related by HopefulIntern · · Score: 4, Informative

    When I am playing BC2 it sometimes interrupts my game to tell me I have run out of memory and Aero is turning off. I cannot imagine why, I have 1GB GPU and 6GB RAM....

    It seems there are some flaws in Aero on 64 bit systems.

  6. better yet by batistuta · · Score: 5, Funny

    This is why you don't use unnecessary things like Aero (and graphical displays) on servers.

    This is why you don't use unnecessary things like Windows Server 2008 R2 on servers.

    There. Fixed it for you

  7. Re:GUI is still there for remote desktop and it's by natehoy · · Score: 4, Insightful

    I can see that. Perhaps you are a small business and you don't want to train your network admins on CLI tools, so they use the "easier" (read: "requires less training") GUI rather than the faster CLI. Fair enough, not everyone can afford fully-trained network engineers to manage a few small in-house servers.

    But, seriously, Aero? Even the least experienced network admin doesn't need to enable Aero to administer the server. It's a waste of CPU and memory resources for something that (hopefully) you spend a few minutes a week on. If you insist on using a GUI to administer your servers, fine, but at least make it the simplest GUI you can use to get your job done.

    As GP said, the simpler your interface, the less likely there is to be an exploitable security flaw in it. The more complex you make your remote access capabilities, the more likely it is that someone else can find a vector into them.

    SFTP/SSH exchanges very little data and has very few possible attack vectors. "Classic" GUI has a few more attack vectors and possible failures and exchanges a lot more data, but it adds simplicity for those not comfy with the CLI, so there's a logical trade-off there.

    Aero adds a lot more traffic, a lot more complexity, a lot more potential vectors for both failure AND attack, and does not make the GUI any more functional for administrative tasks.

    Now, if you're using Server 2008 on your desktop as your daily machine, and you like sexy GUI, OK, I can see Aero being enabled. But there's no reason to enable Aero on an actual server.

    --
    "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
  8. Re:GUI is still there for remote desktop and it's by Mascot · · Score: 3, Insightful

    CLI does have its uses. There are things it offers that no GUI can, and vice versa.

    But claiming you need it for "real work" is like claiming you need a printing press to print a sheet of paper with "real text" on it. Both are equally ridiculous statements.

    For most work environments, neither CLI nor GUI alone covers all needs. Welcome to the real world, where we use the appropriate tools for each task.

  9. Re:GUI is still there for remote desktop and it's by psbrogna · · Score: 4, Insightful

    While you might not be able to imagine it, those who do know how to perform an administrative task both from a terminal and from a GUI often find that doing it from the terminal is more efficient and more reliable.

  10. Re:GUI is still there for remote desktop and it's by lukas84 · · Score: 3, Insightful

    I'm not sure if being paranoid is the right step - careful, sure, paranoid - no.

    In the end, the goal of IT is to enable its users to be more productive. Sometimes overparanoid IT guys can make life more difficult for the Users - this should be minimized.

    All of the Windows Server components are always on-the-disk in Server 2008/R2. IIS on the disk, whether you use it or not. But only when enabling it you'll actually get the services you need for it.

    This doesn't hurt. It doesn't compromise security.

  11. Re:Idiotic Moderators. by brennz · · Score: 3, Informative

    Powershell is by far, one of the best Microsoft has created on the scripting side. Why? They basically took a shell and enhanced it by making it object aware, and giving it access to .net. In Microsoft lingo, cmdlets replace unix utilities.

    I am not a fan of the naming conventions they use in powershell! It makes it harder to write terse scripts.

    Please see

    http://w3.linux-magazine.com/issue/78/Bash_vs._Vista_PowerShell.pdf for a comparison of powershell vs Bash.

    http://blog.brandonbloom.name/2009/04/powershell-condemned-to-reinvent.html

  12. WinServer? by Toreo+asesino · · Score: 3, Interesting

    Aero isn't even installed by default with Windows Server 2008 - you have to install it, reboot, and then enable it. That's hardly any attack vector at all IMO.

    --
    throw new NoSignatureException();
  13. Re:GUI is still there for remote desktop and it's by The+End+Of+Days · · Score: 3, Insightful

    In my experience, working the way you like is vastly superior to working the way some Internet stranger likes, regardless of the geek cred it'll give you on Slashdot.

  14. Re:GUI is still there for remote desktop and it's by LinuxAndLube · · Score: 3, Insightful

    From the 20 pictures, copy only those that feature my dog. Start scripting... now!