The bug is in Windows' Canonical Display Driver, which blends the operating system's primary graphics interface, dubbed Graphics Device Interface (GDI), and DirectX to compose the desktop.

According to Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), the vulnerability affects any machine with the flashy "Aero" interface, which is the default on all but the least-expensive editions of Windows 7. Aero is an optional install on Windows Server 2008 R2.

"If exploited, it would likely cause the affected system to stop responding and restart," said Bryant in an entry on the . "Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR)."

However, ASLR, one of the bulwarks of Windows 7's and Vista's security defenses, has been , including two who won $10,000 cash prizes at the noted Pwn2Own hacking contest in March.

Microsoft gave the bug an exploitability index rating of "3," the lowest of the company's three-step scoring system it uses to predict the likelihood of reliable attack code appearing in the next 30 days. According to that score, believes it's unlikely hackers will come up with an exploit in the coming month.