Has anybody heard of this yet?


Microsoft Warns of Bug in 64-bit Win 7
Computerworld reports that on May 18 Microsoft issued a Security Advisory about a bug discovered in the 64-bit versions of Windows 7 and Server 2008 R2. The bug involves the Aero visual theme and could be used to hijack systems.

Specifically, the bug involves the Canonical Display Driver, which blends the operating system's primary graphics interface with DirectX to create the Aero theme on the desktop. The bug affects any computer running the Aero theme, which is the default in almost all Windows 7 editions sold and is an option for Windows Server 2008 R2.

Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), says on the MSRC blog that, if exploited, the bug would likely cause the affected system to stop responding and restart. Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR).

Microsoft gives the bug an exploitability rating of 3, the lowest on its three-step scale used to predict whether an exploit could appear in the next 30 days. The low rating means that Microsoft thinks it unlikely that an exploit will appear in the next month, although now that news of the bug is out they admit that things could change rapidly. Microsoft is currently developing a security update for the vulnerability, and until then they recommend turning off the Aero theme to protect machines. The next cycle of security updates is scheduled for June 8.