Vista 7 Exploit is Out (Zero-Day Vulnerability)
- Dr. Roy Schestowitz
- 2009-11-12 17:11:59 UTC
- Modified: 2009-11-12 18:03:15 UTC
Summary: Vista 7 and Server 2008 R2 both suffer from a zero-day hole and there is no solution to it yet
VISTA 7 was never a secure operating system, not even when it was in beta. To give a sample of posts on that matter:
The reality of this matter is that
Vista 7, as expected, has a very major new flaw, which is
already being exploited
This bug is a real proof that SDL #FAIL
The bug trigger an infinite loop on smb{1,2}, pre-auth, no credential needed...
Can be trigered outside the lan via (IE*)
It
sure sounds familiar and
Microsoft does no deny it.
Microsoft probing Windows 7 zero-day hole
Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.
[...]
Gaffié also posted proof-of-concept code for the "Windows 7, Server 2008R2 Remote Kernel Crash."
"It is an error in the SMB protocol," tells one person, "and it sends the machine into an€ infinite loop. Power cycle or reset time it is."
A reader of ours asks: "Isn't this a repeat of the teardrops-like exploit from this summer / fall?
"If so, then the reporters seem to think they can get away with [fooling] the public as to how long Microsoft is taking to patch their problems."
⬆
Update: The Windows kernel has just had
critical holes addressed, but the above remains unpatched.
Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer.
One of our readers was unable to find out if the
RBS disaster has Windows to blame. It's too secretive.
