11.12.09

Vista 7 Exploit is Out (Zero-Day Vulnerability)

Posted in Microsoft, Security, Servers, Vista 7, Windows at 12:11 pm by Dr. Roy Schestowitz

Summary: Vista 7 and Server 2008 R2 both suffer from a zero-day hole and there is no solution to it yet

VISTA 7 was never a secure operating system, not even when it was in beta. To give a sample of posts on that matter:

The reality of this matter is that Vista 7, as expected, has a very major new flaw, which is already being exploited:

This bug is a real proof that SDL #FAIL
The bug triggers an infinite loop on smb{1,2}, pre-auth, no credential needed…
Can be triggered outside the LAN via (IE*)

It sure sounds familiar, and Microsoft does not deny it.

Microsoft probing Windows 7 zero-day hole

Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.

[...]

Gaffié also posted proof-of-concept code for the “Windows 7, Server 2008R2 Remote Kernel Crash.”

“It is an error in the SMB protocol,” says one person, “and it sends the machine into an infinite loop. Power cycle or reset time it is.”

A reader of ours asks: “Isn’t this a repeat of the teardrops-like exploit from this summer / fall?

“If so, then the reporters seem to think they can get away with [fooling] the public as to how long Microsoft is taking to patch their problems.”

Update: The Windows kernel has just had critical holes addressed, but the above remains unpatched.

Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer.

One of our readers was unable to find out if the RBS disaster has Windows to blame. It’s too secretive.
