Microsoft Warns of Windows 7 Graphics Flaw
Barence writes "A flaw with the graphics driver in Windows 7 could compromise the stability and security of PCs, Microsoft has warned. The vulnerability lies in the Windows Canonical Display Driver (cdd.dll) for the 64-bit versions of Windows 7 and Windows Server 2008 R2. Microsoft claims that the flaw could lead to machines rebooting or even allow a hacker to remotely execute code, although it claims either eventuality is improbable. Concerned users are being advised to disable Windows Aero until Microsoft can issue a fix."
and Windows Server 2008 R2
This is why you don't use unnecessary things like Aero (and graphical displays) on servers. Granted, Aero isn't enabled by default on Windows Server 2008, but it's still all unnecessary. Servers are meant to be configured and left running with minimal installs. You can do everything you need to from a command line, and sftp for editing those configuration files. When you have a minimalistic install there's also much less chance of some random software having an exploitable bug.
You'll get Aero when you pry it out of my cold dead... damn... it rebooted again!
Lurchicus - For Sig, see other side.
...This is why I wait to get my tech. I might be on the waning edge of things, but at least I get them when they work.
it might render your porn poorly.
Sheesh, evil *and* a jerk. -- Jade
When I am playing BC2 it sometimes interrupts my game to tell me I have run out of memory and Aero is turning off. I cannot imagine why, I have 1GB GPU and 6GB RAM....
It seems there are some flaws in Aero on 64-bit systems.
This is why you don't use unnecessary things like Aero (and graphical displays) on servers.
This is why you don't use unnecessary things like Windows Server 2008 R2 on servers.
There. Fixed it for you.
I can see that. Perhaps you are a small business and you don't want to train your network admins on CLI tools, so they use the "easier" (read: "requires less training") GUI rather than the faster CLI. Fair enough, not everyone can afford fully-trained network engineers to manage a few small in-house servers.
But, seriously, Aero? Even the least experienced network admin doesn't need to enable Aero to administer the server. It's a waste of CPU and memory resources for something that (hopefully) you spend a few minutes a week on. If you insist on using a GUI to administer your servers, fine, but at least make it the simplest GUI you can use to get your job done.
As GP said, the simpler your interface, the less likely there is to be an exploitable security flaw in it. The more complex you make your remote access capabilities, the more likely it is that someone else can find a vector into them.
SFTP/SSH exchanges very little data and has very few possible attack vectors. "Classic" GUI has a few more attack vectors and possible failures and exchanges a lot more data, but it adds simplicity for those not comfy with the CLI, so there's a logical trade-off there.
Aero adds a lot more traffic, a lot more complexity, a lot more potential vectors for both failure AND attack, and does not make the GUI any more functional for administrative tasks.
Now, if you're using Server 2008 on your desktop as your daily machine, and you like sexy GUI, OK, I can see Aero being enabled. But there's no reason to enable Aero on an actual server.
"This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
While you might not be able to imagine it, those who do know how to perform an administrative task both from a terminal and from a GUI often find that doing it from the terminal is more efficient and more reliable.