Microsoft issued an advisory on the bug that also impacts Windows Server 2008 R2 for Itanium-based systems.
The flaw lies in the Canonical Display Driver (CDD), which blends the Windows graphics device interface and DirectX drawing.
Apparently CDD does not properly parse information copied from user mode to kernel mode. This means that an attacker could exploit the vulnerability to cause an affected system to stop responding and automatically restart.
It is difficult, but not impossible, for an attacker to exploit the bug to run arbitrary code.
According to the Microsoft advisory, an attacker who attempts to exploit this problem for code execution would need to write executable content to a specific space in kernel memory.
Since the starting address will be random, the final pointer destination will be difficult to predict. The implementation of Address Space Layout Randomisation (ASLR) by default on affected systems further complicates this prediction.
The vulnerability only affects Windows systems if they have the Aero theme installed, and Aero is not switched on by default in Windows Server 2008 R2.
Writing in his blog, Jerry Bryant, group manager of Microsoft Security Response Center communications, said that reliable exploit code was unlikely to happen.
Meanwhile, Redmond is developing a security update for Windows that will address it.
If you want to be really sure you’re safe, you could disable Windows Aero as a workaround to protect against potential threats. With Aero disabled, the path by which cdd.dll can be exploited is bypassed.