'Highly critical' Windows 7 bug causes BSOD

Security company Secunia has flagged a vulnerability in Windows 7 as highly critical, after it verified a tweeted claim that the operating system could be forced into a "blue screen of death" (BSOD) under certain quirky circumstances.

(BSOD 0x07B image by Justin, CC BY 2.0)

According to the advisory, the vulnerability is caused by an error in a Windows system file, win32k.sys, which can be exploited to corrupt memory. The advisory states that the flaw could allow the execution of arbitrary code, giving an attacker control of the machine.

There is a caveat, however; the machine has to be running the 64-bit version of Windows 7, and at the moment the only known way to trigger the vulnerability is when a specially crafted website containing an inline frame element with an overly large height attribute is viewed using Safari. Other browsers do not appear to be vulnerable.

Secunia states that fully patched versions of Windows 7 64-bit are vulnerable, classifying this as a zero-day exploit by definition; however, it is unlikely that many users will be affected.

According to the most recent statistics from StatCounter, Safari accounted for only 5.92 per cent of global browser use last month. Although there isn't enough information to build a correlation between the two statistics, it's worth noting that Safari is the default browser on OS X, an operating system that accounted for only 7.05 per cent of global operating system use last month.

Given this, it would be reasonable to assume that users running Safari on Windows 7 make up a significantly small proportion of users, and certainly not in excess of 5.92 per cent of total users. Of those, vulnerable 64-bit users would then represent a smaller subset still.

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.
