Vista 7 Less Secure Than Predecessors? Remote BSoD Now Possible!

Dr. Roy Schestowitz

2009-09-08 09:46:41 UTC
Modified: 2009-09-08 09:46:41 UTC

BSoD for Novell

Summary: Vista and Vista 7 can be crashed remotely due to a newly-disclosed vulnerability

SO, Microsoft rewrote some networking components for Windows Vista, which may sound like a positive thing. Security experts warned that Microsoft had simply abandoned mature, well-established BSD code and they were right. Does anyone remember those flaws in Windows 95 which enabled remote computer users to 'nuke' their friends and foes (causing their computer to BSoD) given only their IP address? Well, that's back in Vista 7.

Freshly disclosed: "Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D."

V. BUSINESS IMPACT

An attacker can remotly crash without no user interaction, any Vista/Windows 7 machine with SMB enable. Windows Xp, 2k, are NOT affected as they dont have this driver.

VI. SYSTEMS AFFECTED

Windows Vista/7 All (64b/32b|SP1/SP2 fully updated) and possibly Win Server 2008 as it use the same SMB2.0 driver (not tested).

Wow. That is some serious stuff. What might it do to the already-poor track record of Vista 7 in security? The Register wrote about the death of the "Vista" brand and it might be just a matter of time before Vista 7's brand is tarnished to the same extent.

Microsoft spent an absolute fortune on the Vista brand. In marketing terms, the Vista campaign was huge by any standards, and was a big success insofar as raising awareness of Microsoft's next-generation Windows offering was concerned.

Sounds familiar? Vista 7 is Vista all over again; the resemblance in terms of hype and marketing is uncanny.

Well, if "Windows 7" ends up like Vista in the market, then Microsoft will at least have the "Mojave" brand. Microsoft (and its extended ecosystem) can no longer just throw trolls at the problem. The hundreds of millions of dollars spent on building brands and bullying critics [1, 2, 3, 4] do have a limited shelf life. ⬆

"I am currently testing the Beta of Win7 in a closed VM environment. I am considering deleting it. It's actually worse than Vista. Multiple program crashes, refusal to install any software, naff looks and many other complaints."

--Moog

Comments

Yuhong Bao

2009-09-09 03:04:30

Ars Technica reports that MS has issued a security advisory concerning this issue, saying 7 is not affected: http://arstechnica.com/microsoft/news/2009/09/new-flaw-can-remotely-crash-windows-vista-and-windows-7.ars
David Gerard

2009-09-08 10:04:39

I've posted this at Slashdot - please vote it up.
Yuhong Bao

2009-09-08 17:13:54

It is Vista/7, not "Vista 7". This probably got confused by the fact that BN calls 7 "Vista 7", which can easily be confused with "Vista/7" which is different. I don't use this name myself.

Roy Schestowitz

2009-09-08 17:30:03

Those two are very similar. Underneath they are virtually the same and the above proves it.

Yuhong Bao

2009-09-08 19:06:31

I would not go that far, but yes there are indeed many similarities between Vista and 7. In this case, the key similarity is that they both support SMB 2.0, which was a new version of the SMB protocol introduced with Vista.

Roy Schestowitz

2009-09-08 19:39:09

Underneath, however, the same codebase is more or less shared. It's not about this one flaw in particular.
Yuhong Bao

2009-09-08 20:41:59

7 have many modifications to the Vista codebase. But yes indeed there is indeed many similarities to Vista in 7, certainly more similarities than Vista was compared to XP. Not that this makes Vista/7 bad IMO, but still.

The Better the Understanding or the More Nations Understand the Threat Posed by Microsoft, the Faster It'll be Eradicated: We believe that the thing to advocate is self-hosting and Free software... A lack of simplicity or absence of alternatives is a form of vendor lock-in
A Week of Sunlight: They say transparency is like sunlight to a vampire
"Linux" Sites That Went Astray: there are even worse things than shutdowns
Links 16/06/2025: Climate, Wildfires, Breaches, and Monopolies: Links for the day
Links 16/06/2025: Summer in Finland and Misunderstandings: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, June 15, 2025: IRC logs for Sunday, June 15, 2025
Gemini Links 15/06/2025: Rainy Season and OpenDocument Format (ODF): Links for the day
Links 15/06/2025: Military Games, Parade, and Actions: Links for the day
Links 15/06/2025: Windows TCO, Openwashing, and Wars: Links for the day
Gemini Links 15/06/2025: "AI Fatigue and Crappiness": Links for the day
When Abusive Law Firms (Working for Microsofters Against Us) Assert That Someone Writing in Social Media About Himself is Confidential Information: There was no reason to throw "GDPR" into 2 SLAPPs; they know it, but the goal was to increase the cost of a Defence and lessen the incentive to challenge the SLAPPs
Microsoft Attack Dogs Against Watchdogs and Guard Dogs in Software: Last year Microsofters hired attack dogs or "guns for hire"
Slop Cannot Replace Domain Expertise: All this "AI" hype (it's not even intelligence, it's all a misnomer, as many of us have insisted all along) will fizzle and be written off as a failed experiment
IBM's Fresh 'PIPs' (Action Before Layoffs): At times like these, even once-reputable employers resort to PIPs and other procedures/tricks for denial of workers' rights
Microsoft is a Problem Not Just for Denmark: Every country should consider what Denmark is doing, why Denmark is doing it, and then do the same
The Slopfarms' Self Detonation: If more sites like BetaNews go under, then maybe we can still salvage some of the Web
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, June 14, 2025: IRC logs for Saturday, June 14, 2025
Links 14/06/2025: FDA Changes Priorities, Cassette Data Storage From The 1970s: Links for the day
Gemini Links 14/06/2025: Steam Next Fest and Thoughts on Gemini: Links for the day
Site/Datacentre Maintenance Next Week: speed things up
Bulgaria: GNU/Linux Near 10%: The Bulgarian market seems to be changing
I Never Spoke to BetaNews. But BetaNews Wants to Ensure I Never Will, Either.: Sometimes just the reluctance to talk about it can say a great deal
Throwing Money at Lawyers Can't Stop Us (It Never Did): Even just trying to censor things can result in the opposite of the desired outcome
Online Search or Large Search Engines Aren't Working Anymore: business models that directly compete with interests of Web users
Holidays and Breaks: I've hardly taken any long breaks since I got married
Danish OpenDocument Freedom: "year of Linux"
Links 14/06/2025: Wars and L.A. Distortion Effect: Links for the day
BetaNews Has More or Less Died After Experiments With LLM Slop, Is Linuxsecurity Next?: It doesn't seem like BetaNews knows what it's doing, let alone what it talks about
Gemini Links 14/06/2025: Historic Ada Design and GeminiSpace.Club to Expire: Links for the day
Links 14/06/2025: India Plane Crash and Middle-Eastern War: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, June 13, 2025: IRC logs for Friday, June 13, 2025

Vista 7 Less Secure Than Predecessors? Remote BSoD Now Possible!

Comments

Recent Techrights' Posts