While a vulnerability does exist in the latest Windows client and server platforms with Aero enabled, actually getting exploit code to work and performing successful attacks are not likely to happen. Microsoft downplayed the risk users of Windows 7 64-bit, Windows Server 2008 R2 for 64-bit systems and Windows Server 2008 R2 Itanium systems were exposed to, indicating that the new zero-day, for which details had been disclosed in the wild, was extremely hard to exploit. At the same time, the Redmond company underlined that it was not aware of any attacks targeting the flaw, or of exploit code capable of reaching execution. Jerry Bryant
, group manager, Response Communications, Microsoft, revealed that the new security hole resided in the Windows Canonical Display Driver
(cdd.dll). Microsoft has already published Security Advisory 2028859
, informing customers of the issue and offering advice on how to stay protected until a patch is offered.