
11.12.09

Vista 7 Exploit is Out (Zero-Day Vulnerability)

Posted in Microsoft, Security, Servers, Vista 7, Windows at 12:11 pm by Dr. Roy Schestowitz


Summary: Vista 7 and Server 2008 R2 both suffer from a zero-day hole and there is no solution to it yet

VISTA 7 was never a secure operating system, not even when it was in beta. To give a sample of posts on that matter:

The reality of this matter is that Vista 7, as expected, has a very major new flaw, which is already being exploited:

This bug is a real proof that SDL #FAIL
The bug triggers an infinite loop on smb{1,2}, pre-auth, no credential needed…
Can be triggered outside the LAN via (IE*)

It sure sounds familiar and Microsoft does not deny it.

Microsoft probing Windows 7 zero-day hole

Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.

[...]

Gaffié also posted proof-of-concept code for the “Windows 7, Server 2008R2 Remote Kernel Crash.”

“It is an error in the SMB protocol,” says one person, “and it sends the machine into an infinite loop. Power cycle or reset time it is.”

A reader of ours asks: “Isn’t this a repeat of the teardrops-like exploit from this summer / fall?

“If so, then the reporters seem to think they can get away with [fooling] the public as to how long Microsoft is taking to patch their problems.”

Update: The Windows kernel has just had critical holes addressed, but the above remains unpatched.

Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer.

One of our readers was unable to find out if the RBS disaster has Windows to blame. It’s too secretive.
