09.08.09

Vista 7 Less Secure Than Predecessors? Remote BSoD Now Possible!

Posted in Marketing, Microsoft, Security, Vista, Vista 7, Windows at 4:46 am by Dr. Roy Schestowitz

BSoD for Novell

Summary: Vista and Vista 7 can be crashed remotely due to a newly-disclosed vulnerability

SO, Microsoft rewrote some networking components for Windows Vista, which may sound like a positive thing. Security experts warned that Microsoft had simply abandoned mature, well-established BSD code and they were right. Does anyone remember those flaws in Windows 95 which enabled remote computer users to ‘nuke’ their friends and foes (causing their computer to BSoD) given only their IP address? Well, that’s back in Vista 7.

Freshly disclosed: “Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.”

V. BUSINESS IMPACT

An attacker can remotly crash without no user interaction, any Vista/Windows 7 machine with SMB enable. Windows Xp, 2k, are NOT affected as they dont have this driver.

VI. SYSTEMS AFFECTED

Windows Vista/7 All (64b/32b|SP1/SP2 fully updated) and possibly Win Server 2008 as it use the same SMB2.0 driver (not tested).

Wow. That is some serious stuff. What might it do to the already-poor track record of Vista 7 in security? The Register wrote about the death of the “Vista” brand and it might be just a matter of time before Vista 7′s brand is tarnished to the same extent.

Microsoft spent an absolute fortune on the Vista brand. In marketing terms, the Vista campaign was huge by any standards, and was a big success insofar as raising awareness of Microsoft’s next-generation Windows offering was concerned.

Sounds familiar? Vista 7 is Vista all over again; the resemblance in terms of hype and marketing is uncanny.

Well, if “Windows 7″ ends up like Vista in the market, then Microsoft will at least have the “Mojave” brand. Microsoft (and its extended ecosystem) can no longer just throw trolls at the problem. The hundreds of millions of dollars spent on building brands and bullying critics [1, 2, 3, 4] do have a limited shelf life.

“I am currently testing the Beta of Win7 in a closed VM environment. I am considering deleting it. It’s actually worse than Vista. Multiple program crashes, refusal to install any software, naff looks and many other complaints.”

Moog

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2009/09/08/vista-and-vista-7-bsod/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

7 Comments

  1. David Gerard said,

    September 8, 2009 at 5:04 am

    Gravatar

    I’ve posted this at Slashdot – please vote it up.

  2. Yuhong Bao said,

    September 8, 2009 at 12:13 pm

    Gravatar

    It is Vista/7, not “Vista 7″. This probably got confused by the fact that BN calls 7 “Vista 7″, which can easily be confused with “Vista/7″ which is different. I don’t use this name myself.

    Roy Schestowitz Reply:

    Those two are very similar. Underneath they are virtually the same and the above proves it.

    Yuhong Bao Reply:

    I would not go that far, but yes there are indeed many similarities between Vista and 7. In this case, the key similarity is that they both support SMB 2.0, which was a new version of the SMB protocol introduced with Vista.

    Roy Schestowitz Reply:

    Underneath, however, the same codebase is more or less shared. It’s not about this one flaw in particular.

    Yuhong Bao Reply:

    7 have many modifications to the Vista codebase. But yes indeed there is indeed many similarities to Vista in 7, certainly more similarities than Vista was compared to XP. Not that this makes Vista/7 bad IMO, but still.

  3. Yuhong Bao said,

    September 8, 2009 at 10:04 pm

    Gravatar

    Ars Technica reports that MS has issued a security advisory concerning this issue, saying 7 is not affected:
    http://arstechnica.com/microsoft/news/2009/09/new-flaw-can-remotely-crash-windows-vista-and-windows-7.ars

What Else is New


  1. Links 27/2/2021: IPFS 0.8, OnionShare 2.3.1, and New Stuff in KDE

    Links for the day



  2. The Internet After Social Control Media (and Maybe After the World Wide Web Too)

    There seems to be a growing trend of protests and backlash against centralised Internet disservices; there's also growing dissatisfaction over bloat and spyware, which the Web rendered a 'norm'



  3. SCO's Darl McBride is Finished (Bankruptcy)

    Some news about the site and about the long-forgotten SCO, whose infamous old (and sacked) Darl McBride (responsible for decade-long attacks on Linux) loses everything, based on fresh legal documents



  4. IRC Proceedings: Friday, February 26, 2021

    IRC logs for Friday, February 26, 2021



  5. Links 26/2/2021: Wine 6.3, Genode OS Framework 21.02

    Links for the day



  6. Links 26/2/2021: GNU Poke 1.0 is Out and Rocky Linux Leaves Microsoft GitHub

    Links for the day



  7. Microsoft's Status in Web Servers is So Bad That It Has Fallen Off Charts, is Now Partly Delisted

    In several categories or criteria Microsoft is no longer even listed by Netcraft; the share has become rather minuscule during the pandemic, which convinced more companies to explore expense-cutting moves



  8. We Take Away Your Freedom for Your Own Safety...

    People are herded like cattle and protest/dissent will be demonised as part of the new norm; what will be the cost of the pandemic and will resistance to the status quo ever be permitted to resume?



  9. EPO President Pushes Illegal Software Patents in South America (Over the Telephone With a Misleading New Puff Piece)

    The EPO's "news" section has become worse than a form of distraction (from the EPO's internal rot); it celebrates illegal and unlawful practices, spreading them to other continents



  10. The Free Software Foundation Warns Against Using Twitter

    Richard Stallman said Twitter was OK because it was possible to use it without proprietary software; that's no longer the case, so the Free Software Foundation (FSF) speaks out against it. It speaks about it more than 3 months after the problem became a known one and also an irreversible one (maybe Twitter would have reversed the decision if the media or the FSF actually spoke about it early enough).



  11. IRC Proceedings: Thursday, February 25, 2021

    IRC logs for Thursday, February 25, 2021



  12. Stéphane Bortzmeyer Explains Gemini Protocol (February 2021)

    A recent talk from Stéphane Bortzmeyer about Gemini and what it is for (or why)



  13. Links 26/2/2021: Istio 1.7.8 Announced, Blender 2.92, Firebird 3.0 Language Reference, FSF Against Twitter

    Links for the day



  14. Special Thanks to Mogz

    Credit where it's due to Mogz



  15. Modifying WordPress to Include Gemini Links in All Articles (Assuming a Canonical URL Form)

    In order to promote the departure from the World Wide Web (where possible and suitable; sites with text don't typically need Web-like features) one can promote the analogous pages in one's Gemini capsule; we suggest a way of doing so in WordPress (the most widely used CMS)



  16. Links 25/2/2021: RHEL for Open-Source Infrastructure, GNOME 40 Beta, LXPanel 0.10.1

    Links for the day



  17. IBM and Qt Don't Understand Free Software and They Now Impose Terms and Conditions on Who Qualifies for Use of Free Software Free of Charge

    IBM and Qt Don't Understand Free Software and They Now Impose Terms and Conditions on Who Qualifies for Use of Free Software Free of Charge



  18. Techrights Gemini Capsule, Now With Over 35,000 Pages and Files

    Blog posts combined with static (plain text) files are now 36,000+ in number, just for Gemini protocol alone; that number keeps growing as our conversion proceeds and evolves (our software will be released under terms of the AGPLv3)



  19. Eventually, or Hopefully, Many People Will Come Back to What the Web Used to Be (Or Web Alternatives More Like the 'Old' Web)

    With RSS feeds making a comeback and a resurgence of personal blogs we can take back the Web from a cabal of tech/Internet giants and social control media, censored, curated and spied on by oligarchy



  20. If Wikipedia is Controlled by Corporations and Mobs, It Needs to Be 'Cancelled'

    Facts have never truly mattered in social control media sites; it certainly seems as though Wikipedia now suffers the very same issue/deficit, allowing oligarchs and their companies to define what goes on in the world and which people Wikipedia should regard as persona non grata



  21. GNU/Linux Reaffirms Its Status as the Universal and Inter-planetary Operating System

    The operating system made for and by scientists (not business sharks and marketing cults) is winning the battle, and not only in this planet



  22. IRC Proceedings: Wednesday, February 24, 2021

    IRC logs for Wednesday, February 24, 2021



  23. Links 25/2/2021: Kali Linux 2021.1, Wine Launcher 1.4.46, and Google's Security Posing

    Links for the day



  24. Links 24/2/2021: MariaDB 10.5.9, Krita 4.4.3 Beta, and Debuginfod Server for Debian

    Links for the day



  25. Self-Host Your Videos, Take Full Advantage of HTML5 and Video Attributes

    For self-hosting of videos over the World Wide Web (Gemini too can handle videos; its clients/browsers can, for example, link video files/URLs to external media players) it's worth reviewing the full set of features made available by the standards because a lot can be accomplished without JavaScript and without unnecessary bloat/complexity



  26. Trying Out NoiseTorch to Reduce Background Sound/Noise in GNU/Linux

    An introduction to noisetorch (or NoiseTorch), an application that helps create virtual microphones/devices with reduced background noise



  27. How the Big Banks and OIN Can Whitewash Software Patents and Do Nothing Concrete About Patent Trolls

    Response to the puff piece entitled "How the Big Banks and OIN Can Lock Out Patent Trolls with Enabled Publications"



  28. IRC Proceedings: Tuesday, February 23, 2021

    IRC logs for Tuesday, February 23, 2021



  29. How to Set Up a Gemini Server of Your Own, Even on a Simple Single-Board Computer

    Using Agate to start one's own Gemini capsule (self-hosted) is a lot simpler than one might be inclined to believe; this is a detailed HOWTO, hoping to encourage more people to join Gemini space, which is fast-growing and free of garbage



  30. Links 23/2/2021: Tails 4.16, Libinput 1.17, Fwupd 1.5.7, Firefox 86, NeoChat 1.1

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts