madison
Home / News & Blogs

Microsoft probing Windows 7 zero-day hole

Elinor Mills CNET News | November 12, 2009 5:12 AM PST

Summary

Microsoft said it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.

Topics

Vulnerability, Microsoft Corp., Server Message Block, Microsoft Windows 7, Microsoft Windows, Security, Operating Systems, Software, Microsoft, attack, zero day, Elinor Mills CNET News
Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.

The company is investigating claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," the Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.

The bug triggers an infinite loop on the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent GaffiƩ wrote in a posting on the Full-Disclosure mailing list and on a blog.

For more, read "Microsoft probing Windows 7 zero-day hole" on CNET News.

Talkback Most Recent of 47 Talkback(s)

  • I hope Jeremy got some sleep last night
    because he probably won't be getting much in the near future.
    ZDNet Gravatar
    Michael Kelly
    12th Nov 2009
  • It didn't take long, did it?
    Let's see...it was released, when? Oct. 22nd?

    wink
    ZDNet Gravatar
    Wintel BSOD
    13th Nov 2009
  • first of many zillions
    is there anything worse than being MS security programmer?

    poor bastards.
    ZDNet Gravatar
    ljenux-23043766007667558234416105604265
    12th Nov 2009
  • Remember yesterdays Mac update
    I seem to remember that Mac put out an OSX update that covered over 50 security fixes. Just think if they had a user base world wide bigger than the PC base in New York. A hackers dream!
    ZDNet Gravatar
    spaul40
    12th Nov 2009
  • So how does the Mac update make this MS flaw acceptable?
    Yeah ... this Windows flaw only effects hundred of millions!

    The hackers ultimate dream is already here, its Windows.

    So explain how the Mac OSX patches makes this major Windows security
    flaw more acceptable?
    ZDNet Gravatar
    john_gillespie@...
    12th Nov 2009
    • Flagged
  • After you show where he made such a claim.
    So how does the Mac update make this MS flaw acceptable?

    I saw no such claim.
    ZDNet Gravatar
    ye
    12th Nov 2009
    • Flagged
  • You see nothing...
    As usual...
    ZDNet Gravatar
    Wintel BSOD
    13th Nov 2009
  • Probably because he doesn?t hallucinate
    unlike you
    ZDNet Gravatar
    count trouble
    13th Nov 2009
  • No, he's blind as a bat
    Must've been those glasses you supplied him...

    lol... grin
    ZDNet Gravatar
    Wintel BSOD
    14th Nov 2009
  • RE: Microsoft probing Windows 7 zero-day hole
    adding that the company was unaware of any attacks trying to exploit the hole.

    So its not a problem yet and Microsoft is taking the steps to ensure it doesn't become a problem in the future. I love this proactive approach to security by Microsoft!
    ZDNet Gravatar
    Loverock Davidson
    12th Nov 2009
  • re:RE: Microsoft probing Windows 7 zero-day hole
    "So its not a problem yet and Microsoft is taking the steps to ensure it doesn't become a problem in the future."

    "Remote SMB Exploit: Crashing Windows 7 and Server 2008"

    Demonstration

    Our victim targets are:

    1. A Windows 7 Professional workstation with latest patches.
    2. A Windows Server 2008 R2 Standard Core Edition with latest patches.


    ^o^

    ZDNet Gravatar
    n0neXn0ne
    12th Nov 2009
  • To download patches on Tuesday!
    ?And why would you surf the net from a production server anyway!?

    To download patches on Tuesday!

    ^o^


    Posted by n0neXn0ne

    Really, that's your response? you're mistaken. there is no need to go to any sites to get the latest ms updates, security or otherwise.

    the Windows Update (inside Control Panel) requires no such web browsing for updates.
    ZDNet Gravatar
    whoflungdung
    12th Nov 2009
  • So you don't know what proactive is do you
    They are reacting to a risk that was brought to their attention.

    If you hired a house keeper that left your front door open when leaving, you would say its no problem?

    I am not taking a shot at MS as this is bound to happen with any OS. I'm taking a shot at you for not holding MS to the same standard you would hold the other OSes.

    It is too soon to say it is or is not a problem until they discover whether the claim is real or not. If the vulnerability is real, then it is a real problem that will need a fix. If it can be done prior to any incidence, congrats to MS for fixing a PROBLEM prior to it being exploited.
    ZDNet Gravatar
    Viva la crank dodo
    12th Nov 2009
  • someone should ban you already
    ...when they didn't do it proactively...
    ZDNet Gravatar
    ljenux-23043766007667558234416105604265
    12th Nov 2009
  • How does this make it past the default firewall?
    Thanks in advance for letting me know how a "bad guy" can make it past my NAT router, past my firewall, and then crash my machine through a service that is off by default.
    ZDNet Gravatar
    NonZealot
    12th Nov 2009
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity