Microsoft probing Windows 7 zero-day hole
Summary: Microsoft said it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.
The company is investigating claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," the Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.
The bug triggers an infinite loop on the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent Gaffié wrote in a posting on the Full-Disclosure mailing list and on a blog.
For more, read "Microsoft probing Windows 7 zero-day hole" on CNET News.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
I hope Jeremy got some sleep last night
It didn't take long, did it?
;)
first of many zillions
poor bastards.
Remember yesterdays Mac update
So how does the Mac update make this MS flaw acceptable?
The hackers ultimate dream is already here, its Windows.
So explain how the Mac OSX patches makes this major Windows security
flaw more acceptable?
After you show where he made such a claim.
I saw no such claim.
You see nothing...
Probably because he doesn?t hallucinate
No, he's blind as a bat
lol... :D
RE: Microsoft probing Windows 7 zero-day hole
So its not a problem yet and Microsoft is taking the steps to ensure it doesn't become a problem in the future. I love this proactive approach to security by Microsoft!
re:RE: Microsoft probing Windows 7 zero-day hole
<a href="http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/" target="_blank">"Remote SMB Exploit: Crashing Windows 7 and Server 2008"</a>
<font color=#808080><pre>Demonstration
Our victim targets are:
1. A Windows 7 Professional workstation with latest patches.
2. A Windows Server 2008 R2 Standard Core Edition with latest patches.
</pre></font>
^o^
<br>
To download patches on Tuesday!
To download patches on Tuesday!
^o^
Posted by n0neXn0ne
Really, that's your response? you're mistaken. there is no need to go to any sites to get the latest ms updates, security or otherwise.
the Windows Update (inside Control Panel) requires no such web browsing for updates.
So you don't know what proactive is do you
If you hired a house keeper that left your front door open when leaving, you would say its no problem?
I am not taking a shot at MS as this is bound to happen with any OS. I'm taking a shot at you for not holding MS to the same standard you would hold the other OSes.
It is too soon to say it is or is not a problem until they discover whether the claim is real or not. If the vulnerability is real, then it is a real problem that will need a fix. If it can be done prior to any incidence, congrats to MS for fixing a PROBLEM prior to it being exploited.
someone should ban you already
How does this make it past the default firewall?
It's when you use public WIFI
^o^
<br>
Please expand your explanation
re:Please expand your explanation
You are trying to make yourself the subject. You keep your Win7 boxes behind a firewall and never use an Airport or Hotel's wifi and YOU should be safe. Okay?
Security through obscurity works for some but not all. That's why some folks use Linux for the fact alone.
^o^
<br>
Nope, I'm talking about defaults
The [b]default[/b] is that file sharing is off. The [b]default[/b] firewall profile is Public so that even if you turned on file sharing and let it through the Home profile for the firewall, it will be blocked by the Public profile for the firewall. Wait, Linux has default Private and Public firewall profiles that are activated based on the network you have just joined, right?
When your Windows 7 netbook connects to a public WiFi spot, it will, by default, use the Public profile firewall which blocks every single port. That isn't me, that is the default.
Thus concludes your Windows lesson of the day. I accept PayPal. :)
You care ...
^o^
<br>