Microsoft probing Windows 7 zero-day hole

Microsoft probing Windows 7 zero-day hole

Summary: Microsoft said it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.

SHARE:
Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.

The company is investigating claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," the Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.

The bug triggers an infinite loop on the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent Gaffié wrote in a posting on the Full-Disclosure mailing list and on a blog.

For more, read "Microsoft probing Windows 7 zero-day hole" on CNET News.

Topics: Microsoft, Operating Systems, Security, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

47 comments
Log in or register to join the discussion
  • I hope Jeremy got some sleep last night

    because he probably won't be getting much in the near future.
    Michael Kelly
    • It didn't take long, did it?

      Let's see...it was released, when? Oct. 22nd?

      ;)
      Wintel BSOD
  • first of many zillions

    is there anything worse than being MS security programmer?

    poor bastards.
    ljenux-23043766007667558234416105604265
    • Remember yesterdays Mac update

      I seem to remember that Mac put out an OSX update that covered over 50 security fixes. Just think if they had a user base world wide bigger than the PC base in New York. A hackers dream!
      spaul40
      • So how does the Mac update make this MS flaw acceptable?

        Yeah ... this Windows flaw only effects hundred of millions!

        The hackers ultimate dream is already here, its Windows.

        So explain how the Mac OSX patches makes this major Windows security
        flaw more acceptable?
        john_gillespie@...
        • After you show where he made such a claim.

          [i]So how does the Mac update make this MS flaw acceptable?[/i]

          I saw no such claim.
          ye
          • You see nothing...

            As usual...
            Wintel BSOD
          • Probably because he doesn?t hallucinate

            unlike you
            count trouble
          • No, he's blind as a bat

            Must've been those glasses you supplied him...

            lol... :D
            Wintel BSOD
  • RE: Microsoft probing Windows 7 zero-day hole

    [i]adding that the company was unaware of any attacks trying to exploit the hole. [/i]

    So its not a problem yet and Microsoft is taking the steps to ensure it doesn't become a problem in the future. I love this proactive approach to security by Microsoft!
    Loverock Davidson
    • re:RE: Microsoft probing Windows 7 zero-day hole

      <font color=#808080><em>"So its not a problem yet and Microsoft is taking the steps to ensure it doesn't become a problem in the future."</em></font>

      <a href="http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/" target="_blank">"Remote SMB Exploit: Crashing Windows 7 and Server 2008"</a>

      <font color=#808080><pre>Demonstration

      Our victim targets are:

      1. A Windows 7 Professional workstation with latest patches.
      2. A Windows Server 2008 R2 Standard Core Edition with latest patches.
      </pre></font>

      ^o^
      <br>
      n0neXn0ne
      • To download patches on Tuesday!

        ?And why would you surf the net from a production server anyway!?

        To download patches on Tuesday!

        ^o^


        Posted by n0neXn0ne

        Really, that's your response? you're mistaken. there is no need to go to any sites to get the latest ms updates, security or otherwise.

        the Windows Update (inside Control Panel) requires no such web browsing for updates.
        whoflungdung
    • So you don't know what proactive is do you

      They are reacting to a risk that was brought to their attention.

      If you hired a house keeper that left your front door open when leaving, you would say its no problem?

      I am not taking a shot at MS as this is bound to happen with any OS. I'm taking a shot at you for not holding MS to the same standard you would hold the other OSes.

      It is too soon to say it is or is not a problem until they discover whether the claim is real or not. If the vulnerability is real, then it is a real problem that will need a fix. If it can be done prior to any incidence, congrats to MS for fixing a PROBLEM prior to it being exploited.
      Viva la crank dodo
    • someone should ban you already

      ...when they didn't do it proactively...
      ljenux-23043766007667558234416105604265
  • How does this make it past the default firewall?

    Thanks in advance for letting me know how a "bad guy" can make it past my NAT router, past my firewall, and then crash my machine through a service that is off by default.
    NonZealot
    • It's when you use public WIFI

      Hence Win7 netbooks.

      ^o^
      <br>
      n0neXn0ne
      • Please expand your explanation

        You've gotten past the NAT router. Now you just need to make it past the default firewall and into a service that is off by default. Surely you didn't reply without reading my whole post, right?
        NonZealot
        • re:Please expand your explanation

          YOu don't need to jump through hoops at a public WIFI.

          You are trying to make yourself the subject. You keep your Win7 boxes behind a firewall and never use an Airport or Hotel's wifi and YOU should be safe. Okay?

          Security through obscurity works for some but not all. That's why some folks use Linux for the fact alone.

          ^o^
          <br>
          n0neXn0ne
          • Nope, I'm talking about defaults

            [i]You are trying to make yourself the subject. You keep your Win7 boxes behind a firewall and never use an Airport or Hotel's wifi and YOU should be safe. Okay?[/i]

            The [b]default[/b] is that file sharing is off. The [b]default[/b] firewall profile is Public so that even if you turned on file sharing and let it through the Home profile for the firewall, it will be blocked by the Public profile for the firewall. Wait, Linux has default Private and Public firewall profiles that are activated based on the network you have just joined, right?

            When your Windows 7 netbook connects to a public WiFi spot, it will, by default, use the Public profile firewall which blocks every single port. That isn't me, that is the default.

            Thus concludes your Windows lesson of the day. I accept PayPal. :)
            NonZealot
          • You care ...

            ... for a proof of concept? <a href="http://whatismyip.com/" target="_blank">What's your netbook ip?</a> ;)

            ^o^
            <br>
            n0neXn0ne