Vista 7 Less Secure Than Predecessors? Remote BSoD Now Possible!

Dr. Roy Schestowitz

2009-09-08 09:46:41 UTC
Modified: 2009-09-08 09:46:41 UTC

BSoD for Novell

Summary: Vista and Vista 7 can be crashed remotely due to a newly-disclosed vulnerability

SO, Microsoft rewrote some networking components for Windows Vista, which may sound like a positive thing. Security experts warned that Microsoft had simply abandoned mature, well-established BSD code and they were right. Does anyone remember those flaws in Windows 95 which enabled remote computer users to 'nuke' their friends and foes (causing their computer to BSoD) given only their IP address? Well, that's back in Vista 7.

Freshly disclosed: "Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D."

V. BUSINESS IMPACT

An attacker can remotly crash without no user interaction, any Vista/Windows 7 machine with SMB enable. Windows Xp, 2k, are NOT affected as they dont have this driver.

VI. SYSTEMS AFFECTED

Windows Vista/7 All (64b/32b|SP1/SP2 fully updated) and possibly Win Server 2008 as it use the same SMB2.0 driver (not tested).

Wow. That is some serious stuff. What might it do to the already-poor track record of Vista 7 in security? The Register wrote about the death of the "Vista" brand and it might be just a matter of time before Vista 7's brand is tarnished to the same extent.

Microsoft spent an absolute fortune on the Vista brand. In marketing terms, the Vista campaign was huge by any standards, and was a big success insofar as raising awareness of Microsoft's next-generation Windows offering was concerned.

Sounds familiar? Vista 7 is Vista all over again; the resemblance in terms of hype and marketing is uncanny.

Well, if "Windows 7" ends up like Vista in the market, then Microsoft will at least have the "Mojave" brand. Microsoft (and its extended ecosystem) can no longer just throw trolls at the problem. The hundreds of millions of dollars spent on building brands and bullying critics [1, 2, 3, 4] do have a limited shelf life. ⬆

"I am currently testing the Beta of Win7 in a closed VM environment. I am considering deleting it. It's actually worse than Vista. Multiple program crashes, refusal to install any software, naff looks and many other complaints."

--Moog

Comments

Yuhong Bao

2009-09-09 03:04:30

Ars Technica reports that MS has issued a security advisory concerning this issue, saying 7 is not affected: http://arstechnica.com/microsoft/news/2009/09/new-flaw-can-remotely-crash-windows-vista-and-windows-7.ars
David Gerard

2009-09-08 10:04:39

I've posted this at Slashdot - please vote it up.
Yuhong Bao

2009-09-08 17:13:54

It is Vista/7, not "Vista 7". This probably got confused by the fact that BN calls 7 "Vista 7", which can easily be confused with "Vista/7" which is different. I don't use this name myself.

Roy Schestowitz

2009-09-08 17:30:03

Those two are very similar. Underneath they are virtually the same and the above proves it.

Yuhong Bao

2009-09-08 19:06:31

I would not go that far, but yes there are indeed many similarities between Vista and 7. In this case, the key similarity is that they both support SMB 2.0, which was a new version of the SMB protocol introduced with Vista.

Roy Schestowitz

2009-09-08 19:39:09

Underneath, however, the same codebase is more or less shared. It's not about this one flaw in particular.
Yuhong Bao

2009-09-08 20:41:59

7 have many modifications to the Vista codebase. But yes indeed there is indeed many similarities to Vista in 7, certainly more similarities than Vista was compared to XP. Not that this makes Vista/7 bad IMO, but still.

Vista 7 Less Secure Than Predecessors? Remote BSoD Now Possible!

Comments

Recent Techrights' Posts