Microsoft: Windows 7 not affected by latest flaw

Ina Fried CNET News | September 9, 2009 3:52 AM PDT

Summary

Following up on a vulnerability disclosed in the last 24 hours, Microsoft says the flaw affects Vista and Windows Server 2008, but not the final version of Windows 7.

Topics

Flaw, Vulnerability, Microsoft Corp., Microsoft Windows, Microsoft Windows 7, Microsoft Windows Server 2008, Security, Operating Systems, Software, Microsoft, security, patches, Patch Tuesday, Ina Fried

Vendor HotSpot

Here to help you with your Document Management Needs

Read the DocuMentor blog now

Learn More »

Microsoft issued a formal security advisory late Tuesday on a reported zero-day flaw in Windows Vista and Windows Server 2008. However, the software maker also said that the flaw does not affect the final version ofWindows 7, contrary to earlier reports.

"Microsoft is investigating new public reports of a possible vulnerability in Microsoft Server Message Block (SMB) implementation," Microsoft said in the advisory. "We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time."

The flaw could allow an attacker to gain control of a system, although Microsoft said that "most attempts to exploit this vulnerability will cause an affected system to stop responding and restart."

The software maker said it is working with security software partners to provide information that can be used to create protections. Once its investigation is wrapped up, Microsoft said it will take action, which could include releasing a patch during its next monthly cycle or doing an "out-of-band" release, if necessary. Tuesday was Microsoft's monthly release for patches, which included five critical Windows updates addressing eight vulnerabilities.

The software maker said the latest issue affects the "release candidate" version of Windows 7, but not the final version that was completed in July. Also, the recently completed Windows Server 2008 R2 is not vulnerable, Microsoft said, nor are the earlier Windows XP and Windows 2000 operating systems.

Microsoft is already dealing with a separate, still unpatched flaw reported last week. Attacks have already been seen based on that vulnerability. Microsoft has taken issue with the fact that that flaw, like the latest one, was reported publicly as opposed to being privately disclosed to Microsoft, giving the company time to patch it.

This article was originally posted on CNET News.

Talkback Most Recent of 13 Talkback(s)

Follow via:: RSS; Email Alert

RE: Microsoft: Windows 7 not affected by latest flaw

Links at the end of the article are broken.
gnesterenko
9th Sep 2009
- Reply to
- Flag
RE: Microsoft: Windows 7 not affected by latest flaw

yo fan boys, 7 will rule!!
shellcodes_coder
9th Sep 2009
- Reply to
- Flag
Why?

Why? Will it run my software?
Stan57
9th Sep 2009
- Reply to
- Flag
RE: Microsoft: Windows 7 not affected by latest flaw

"Microsoft has taken issue with the fact that that flaw, like the latest one, was reported publicly as opposed to being privately disclosed to Microsoft, giving the company time to patch it."

Have they started paying researchers for finding flaws yet?
zdnet-registraion
9th Sep 2009
- Reply to
- Flag
RE: Microsoft: Windows 7 not affected by latest flaw

Do Ford, Nissan, GM or any of the other manufacturers support organisations who find fault in their products?

No

The software industry is the only industry globally that suffers this kind of scrutiny. If we looked at the latest version of software in the same way as we look at the newest model car or cooker or microwave we would be a far healthier society. We should be able to appreciate technological advances.

We should not be constantly looking for the negative. Looking for the faults. Looking for the downside.

Computers and software are the greatest achievement of mankind. We have created a technology that is potentially even more intelligent than us (if you consider mankind to be intelligent). All our needs regarding climate change, sustainability etc. may be resolved with new technology. Computers and software are the key underpinning advancing technology. This has been ascendant for two decades now.

Mankind should be worshipping software as its saviour.

Not a flaw. Just closer to perfection than we have ever been before.
JohnnieBG2
10th Sep 2009
- Reply to
- Flag
Whoa is that a scientology thing? When we create true AI, will it be God?

Will it turn on us and become the next "Evolution" of man? It's a shame we could all be sent back to the iron age with a well placed EMP or two.

Everything built by human inevitably contains flaws. Flaws we will continue attempting to resolve in the desire to attain perfection. Perfection we as humans will never achieve. But we must continue trying.
invmgr@...
8th Oct 2009
- Reply to
- Flag
Woah! Let's not get carried away there, bub.

We have created a technology that is potentially even more intelligent than us (if you consider mankind to be intelligent).

I understand that some people can get carried away with superlatives and with fanaticism and sensationalism, but hold your horses there.

There has not been a machine, or computer or software or any combination of all of the above that can come even close to human intelligence. In fact, no computer/software combo can come even close to the intelligence of a dog. Not yet anyway.

Artificial Intelligence researchers have been trying for the last 40-50 years to emulate "intelligence", but as of today, they are almost as far from attaining that goal as they were some 30 years ago. In fact, AI hasn't even been able to match the intelligence of an ant.
adornoe@...
8th Oct 2009
- Reply to
- Flag
Zero Intelligence

Computers have zero intelligence, they just carry out simple calculations very very fast. Sometimes this can create an illusion of intelliegence, but that's all.
AndyPagin
9th Oct 2009
- Flag
You need to get out more!

> Mankind should be worshipping software as its saviour.
dgrainge
8th Oct 2009
- Reply to
- Flag
RE: Microsoft: Windows 7 not affected by latest flaw

Whats a "zero-day flaw". I clicked on the ZDNet link and got a 404 error.

Michelle
http://www.metrony.com
metrony
10th Sep 2009
- Reply to
- Flag
A zero-day (or zero-hour) attack

A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others (including the vendor), or for which no security fix is currently available. Zero-day exploits are used, and/or shared by the attackers and unaware users, before the software vendor knows about the vulnerability.

The term derives from the age of the exploit. When a software vendors become aware of such a security hole, there is a race to fix it before attackers discover it or the vulnerability goes public. A "zero day" attack occurs on or before the first or "zero" day of vendor awareness, thus the vendor has not had any opportunity to disseminate a security fix to users of the software.
Usual methods of malware is to over-run buffer memory (or heap memory) when hacked data is loaded, allowing arbitrary code to be implanted on system that can cause the operating system to crash or security to be breached. Exploiting this type of flaw is usually operating system/application specific.
Agnostic_OS
10th Oct 2009
- Reply to
- Flag
RE: Microsoft: Windows 7 not affected by latest flaw

When human kind become "perfect", then we will have "perfect" software
dishnetman
8th Oct 2009
- Reply to
- Flag
When humankind becomes "perfect"...

then we will have become like a god and we'll have no need at all for software or computers.
adornoe@...
10th Oct 2009
- Reply to
- Flag