Summary: Vista and Vista 7 can be crashed remotely due to a newly-disclosed vulnerability
So, Microsoft rewrote some networking components for Windows Vista, which may sound like a positive thing. Security experts warned that Microsoft had simply abandoned mature, well-established BSD code and they were right. Does anyone remember those flaws in Windows 95 which enabled remote computer users to ‘nuke’ their friends and foes (causing their computer to BSoD) given only their IP address? Well, that’s back in Vista 7.
Freshly disclosed: “Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.”
V. BUSINESS IMPACT
An attacker can remotely crash, without any user interaction, any Vista/Windows 7 machine with SMB enabled. Windows XP and 2K are NOT affected, as they don't have this driver.
VI. SYSTEMS AFFECTED
Windows Vista/7 All (64b/32b|SP1/SP2 fully updated) and possibly Win Server 2008, as it uses the same SMB2.0 driver (not tested).
Wow. That is some serious stuff. What might it do to the already-poor track record of Vista 7 in security? The Register wrote about the death of the “Vista” brand and it might be just a matter of time before Vista 7’s brand is tarnished to the same extent.
Microsoft spent an absolute fortune on the Vista brand. In marketing terms, the Vista campaign was huge by any standards, and was a big success insofar as raising awareness of Microsoft’s next-generation Windows offering was concerned.
Sounds familiar? Vista 7 is Vista all over again; the resemblance in terms of hype and marketing is uncanny.
Well, if “Windows 7” ends up like Vista in the market, then Microsoft will at least have the “Mojave” brand. Microsoft (and its extended ecosystem) can no longer just throw trolls at the problem. The hundreds of millions of dollars spent on building brands and bullying critics [1, 2, 3, 4] do have a limited shelf life. █
“I am currently testing the Beta of Win7 in a closed VM environment. I am considering deleting it. It’s actually worse than Vista. Multiple program crashes, refusal to install any software, naff looks and many other complaints.”