09.08.09

Vista 7 Less Secure Than Predecessors? Remote BSoD Now Possible!

Posted in Marketing, Microsoft, Security, Vista, Vista 7, Windows at 4:46 am by Dr. Roy Schestowitz

BSoD for Novell

Summary: Vista and Vista 7 can be crashed remotely due to a newly-disclosed vulnerability

SO, Microsoft rewrote some networking components for Windows Vista, which may sound like a positive thing. Security experts warned that Microsoft had simply abandoned mature, well-established BSD code and they were right. Does anyone remember those flaws in Windows 95 which enabled remote computer users to ‘nuke’ their friends and foes (causing their computer to BSoD) given only their IP address? Well, that’s back in Vista 7.

Freshly disclosed: “Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.”

V. BUSINESS IMPACT

An attacker can remotly crash without no user interaction, any Vista/Windows 7 machine with SMB enable. Windows Xp, 2k, are NOT affected as they dont have this driver.

VI. SYSTEMS AFFECTED

Windows Vista/7 All (64b/32b|SP1/SP2 fully updated) and possibly Win Server 2008 as it use the same SMB2.0 driver (not tested).

Wow. That is some serious stuff. What might it do to the already-poor track record of Vista 7 in security? The Register wrote about the death of the “Vista” brand and it might be just a matter of time before Vista 7′s brand is tarnished to the same extent.

Microsoft spent an absolute fortune on the Vista brand. In marketing terms, the Vista campaign was huge by any standards, and was a big success insofar as raising awareness of Microsoft’s next-generation Windows offering was concerned.

Sounds familiar? Vista 7 is Vista all over again; the resemblance in terms of hype and marketing is uncanny.

Well, if “Windows 7″ ends up like Vista in the market, then Microsoft will at least have the “Mojave” brand. Microsoft (and its extended ecosystem) can no longer just throw trolls at the problem. The hundreds of millions of dollars spent on building brands and bullying critics [1, 2, 3, 4] do have a limited shelf life.

“I am currently testing the Beta of Win7 in a closed VM environment. I am considering deleting it. It’s actually worse than Vista. Multiple program crashes, refusal to install any software, naff looks and many other complaints.”

Moog

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

7 Comments

  1. David Gerard said,

    September 8, 2009 at 5:04 am

    Gravatar

    I’ve posted this at Slashdot – please vote it up.

  2. Yuhong Bao said,

    September 8, 2009 at 12:13 pm

    Gravatar

    It is Vista/7, not “Vista 7″. This probably got confused by the fact that BN calls 7 “Vista 7″, which can easily be confused with “Vista/7″ which is different. I don’t use this name myself.

    Roy Schestowitz Reply:

    Those two are very similar. Underneath they are virtually the same and the above proves it.

    Yuhong Bao Reply:

    I would not go that far, but yes there are indeed many similarities between Vista and 7. In this case, the key similarity is that they both support SMB 2.0, which was a new version of the SMB protocol introduced with Vista.

    Roy Schestowitz Reply:

    Underneath, however, the same codebase is more or less shared. It’s not about this one flaw in particular.

    Yuhong Bao Reply:

    7 have many modifications to the Vista codebase. But yes indeed there is indeed many similarities to Vista in 7, certainly more similarities than Vista was compared to XP. Not that this makes Vista/7 bad IMO, but still.

  3. Yuhong Bao said,

    September 8, 2009 at 10:04 pm

    Gravatar

    Ars Technica reports that MS has issued a security advisory concerning this issue, saying 7 is not affected:
    http://arstechnica.com/microsoft/news/2009/09/new-flaw-can-remotely-crash-windows-vista-and-windows-7.ars

What Else is New


  1. Help Make Techrights (and Other Technology-Centric Sites) More Robust to Censorship by Setting Up More IPFS Nodes

    We’re trying to improve the site’s availability (ensuring it can never be offline) and make it more censorship-resistant; people who adopt IPFS can make that happen while tackling the “bloated Web” and “centralised Internet” issues — all at the same time



  2. Microsoft Loves Linux and Android Apps Running on Windows Instead of GNU/Linux and Android Devices

    Microsoft loves Linux, they say; but as Microsoft's former VP James Allchin put it: "If you're going to kill someone there isn't much reason to get all worked up about it and angry -- you just pull the trigger [...] We need to smile at Novell while we pull the trigger."



  3. Links 28/11/2020: RenderDoc 1.11, GNOME 40 Scrolling Horizontally

    Links for the day



  4. Nine Documents About the Financial Siege Against EPO Staff (Past, Present, and Future)

    Today we release dozens of pages of letters and documents (internal to Europe's second-largest institution); they all focus on the betrayal and skulduggery, crushing staff in spite of what was originally promised (and what workers actually signed up for)



  5. EPO Senior Management (Cabal) “Essentially Deaf to the Proposals From Staff Representatives.”

    Representatives of EPO staff feel like the management of the EPO is "deaf" and uncaring; there's hardly any meaningful progress (or none whatsoever) when it comes to truly honest dialogue with real participation



  6. EPO Management, Led by António Campinos, Attempted to Stifle or Prevent Staff From Being Surveyed

    Battistelli's cabal, which covers up a lot of fraud and corruption, is attempting to prevent the staff from expressing an opinion (for insiders and perhaps outsiders to assess) because things are really bad and autocratic measures are seen as necessary to keep the lid on issues/abuses



  7. The European Patent Office's Central Staff Committee: Office Cannot Recruit Fit-for-Purpose Patent Examiners Anymore

    One third of EPO recruits are 'locals' (Germans), 0.2% are Swiss, 1% Scandinavian; the EPO as an employer became unattractive and it's unable to attract the staff it needs (as was projected and planned when the EPC was agreed upon)



  8. IRC Proceedings: Friday, November 27, 2020

    IRC logs for Friday, November 27, 2020



  9. Links 27/11/2020: Jolla is 7, Diffoscope 162, MNT Reform Production

    Links for the day



  10. The Time Coronavirus Helped EPO Management Prevent Staff From Protesting and Going on Strike (March 26th)

    "In view of the spreading of the New Corona Virus, the planned General Assemblies have to be cancelled," the Staff Union of the European Patent Office (SUEPO) wrote in the wake of the crisis across Europe back in March (weeks ahead of a planned strike)



  11. Guarding Your Privacy With E2EE: Primer

    "As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try."



  12. Links 27/11/2020: Systemd 247 and Cockpit 233

    Links for the day



  13. A Free Speech Deficit Harms Software Freedom

    Free software and Software Freedom cannot possibly succeed if we keep accepting or even just tolerating systematic censorship of opinionated people in our community; failing to speak out on this matter (for fear of supposedly offending someone, risking expulsion) is part of the problem — complicity by passivity



  14. Perception of Difficulty

    New poem by figosdev



  15. IRC Proceedings: Thursday, November 26, 2020

    IRC logs for Thursday, November 26, 2020



  16. Cartoon: After Gambling With Workers' Savings the EPO Can Do Real Estate

    New EPO cartoon from EPO insiders (the one on the right certainly looks a lot like António Campinos and the one on the left can be his EUIPO ‘import’ or Benoît Battistelli‘s INPI ‘import’)



  17. Free as in Freedom Should Not be Associated With Cost

    It's important to remind people that so-called 'free' services (Clown Computing, centralised spaces that 'farm' their so-called 'users') aren't really free; we need to advocate freedom or free-as-in-freedom alternatives



  18. [Meme] UPC's Pyrrhic Victory

    Contrary to what Team UPC says, what happened earlier today is hardly a breakthrough



  19. Many Thanks to Free Software, the Demise of Software Patents (in Europe and the US), and So Much More

    On a positive note we're heading into the end of November, one month before Boxing Day; we take stock of patent affairs that impact software developers



  20. Links 26/11/2020: PHP 8.0, Proxmox VE 6.3, UNIGINE 2.13

    Links for the day



  21. 29,000 Blog Posts and Recent Site Improvements

    Over 29,000 blog posts have been posted here, but more importantly we've made the site a lot more robust and resilient, accessible in more formats and protocols (while improving transparency, too)



  22. [Meme] Trump is Out. Now It's Time to Pressure the Biden Administration/Transition Team on Software Freedom Issues.

    The Biden transition is in motion and tentative appointments are underway, based on news reports (see our Daily Links); now is the time to put pressure, e.g. in the form of public backlash, to ensure it's not just another corporate presidency



  23. Boycott ZDNet Unless You Fancy Being Lied to

    ZDNet's Catalin Cimpanu continues to lead the way with misinformation and lies, basically doing whatever he was doing to land that job at ZDNet (after he had done the same elsewhere)



  24. The UPC and Unitary Patent Song

    On goes the UPC symphony, as the Unified Patent Court (UPC) is almost here, always coming "real soon!"



  25. Open Letter to the German Greens on UPC and Software Patents: Don’t Betray Your Voters and Your Promises, or You Will Regret it

    Dear Members of the German Greens in the Bundestag. By Benjamin HENRION.



  26. [Meme] One Step Away From Replacing Patent Examiners With 'Hey Hi' (AI)

    If it's not legal for 'Hey Hi' (AI) to get a patent, why should it be legal for patents to be granted by those who are invisible (and sometimes in de facto house arrest)?



  27. European Patent Office (EPO) Reduced to 'Justice Over the Telephone' and Decree by E-mail

    The EPO is trashing the EPC and everything that the Office was supposed to stand for, as it wrongly assumes demand for monopolies (typically from foreign corporations) comes before the rule of law and Europe's public interest



  28. Making Free Software Work for Users

    The latest reply to a non-developer concerned about software freedom; guest post by figosdev



  29. IRC Proceedings: Wednesday, November 25, 2020

    IRC logs for Wednesday, November 25, 2020



  30. Links 26/11/2020: AV Linux 2020.11.23 and Blender 2.91 Release

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts