Vista 7 Exploit is Out (Zero-Day Vulnerability)

Dr. Roy Schestowitz

2009-11-12 17:11:59 UTC
Modified: 2009-11-12 18:03:15 UTC

Vista 7

Summary: Vista 7 and Server 2008 R2 both suffer from a zero-day hole and there is no solution to it yet

VISTA 7 was never a secure operating system, not even when it was in beta. To give a sample of posts on that matter:

The reality of this matter is that Vista 7, as expected, has a very major new flaw, which is already being exploited

This bug is a real proof that SDL #FAIL The bug trigger an infinite loop on smb{1,2}, pre-auth, no credential needed... Can be trigered outside the lan via (IE*)

It sure sounds familiar and Microsoft does no deny it.

Microsoft probing Windows 7 zero-day hole

Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.

[...]

Gaffié also posted proof-of-concept code for the "Windows 7, Server 2008R2 Remote Kernel Crash."

"It is an error in the SMB protocol," tells one person, "and it sends the machine into an€ infinite loop. Power cycle or reset time it is."

A reader of ours asks: "Isn't this a repeat of the teardrops-like exploit from this summer / fall?

"If so, then the reporters seem to think they can get away with [fooling] the public as to how long Microsoft is taking to patch their problems." ⬆

Update: The Windows kernel has just had critical holes addressed, but the above remains unpatched.

Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer.

One of our readers was unable to find out if the RBS disaster has Windows to blame. It's too secretive.

Recent Techrights' Posts

LLM Slopfarms: LinuxSecurity.com and FUDZilla Doing 'Linux' (Fake Articles): It's 2025. Everything on the Web is getting worse, except SPARTAN.
Red Hat's Bluewashing to be Further Completed This Year: Do not wait for some announcement from redhat.com - it's already covered by IBM
LLM Slop is Now Filling the Web With Pure Fiction/Fabrication/Misinformation About Linux: The timing of this lie/fiction is curious because Torvalds is being brigaded for defending C
FUDZilla Has Turned Into LLM Slop and Machine-Generated FUD (New York Times Has Also Just Admitted Moving in That Direction): Failing news sites, instead of calling it quits with some remaining dignity, are handing control over to LLM slop (pretending to still be active)
By Buying Twitter, MElon and Cheeto Now Control EU Politicians, Even at the Highest Levels: "the top level politicians make the egregious mistake of trying to treat Xitter as if it were a communications medium"
How to 'Sell' Software Freedom to People: In my experience, it helps when one speaks about control, not freedom, including confidentiality
A Gift That Keeps on Giving: Microsofters Reveal a Campaign of SLAPP, Seeking to Censor Critical Information About Lawsuits Against Microsoft: All they can get here or mockery and ridicule
Two Years After Issuing Ridiculous Threats and Choosing a Law Firm in Debt (Probably Desperate for Clients) Matthew J. Garrett Gets Help ('Bailout') From Microsofters: The karma won't be good
How Americans View 'Free Speech' in Practice: "No good deed goes unpunished"
Threats Against Techrights Always Come From Outside Britain: Over the coming days we shall write about an example of our own and we'll show how Americans have the audacity to bully people using a foreign (to them) court
Links 18/02/2025: More DeepSeek Bans and Supreme Court Patent Challenges: Links for the day
Links 18/02/2025: FAA Layoffs and EU Betrayed: Links for the day
On Technical Contracts of Employment and Why People Must Read Before Signing: The wave of layoffs under MElon will worsen prospects of finding alternate/better employment
Gemini Links 18/02/2025: Reading Books and Oneiric Monk: Links for the day
Swiss corruption, Greens, Liip & Debian human rights violations: Reprinted with permission from Daniel Pocock
Swiss police TIGRIS unit, World Cat Day, Swiss-corruption.com & Debian: Reprinted with permission from Daniel Pocock
Links 18/02/2025: “Hey Hi Video Surveillance” and YouTube at 20: Links for the day
The Washington Post (Jeff Bezos) Dies in Darkness: spread it on
Gemini Links 18/02/2025: Downloading Gemini Files with Emacs and Elpher, Gopher on Devuan: Links for the day
Richard Stallman Confirms His Next Talk, "Free/Libre Software and Freedom in the Digital Society" (Next Monday in Free University of Bozen-Bolzano): He could already advertise this more than a week ago
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, February 17, 2025: IRC logs for Monday, February 17, 2025
IBM's Chronic Neglect Won't Save Anything and It Might Even Get IBM Sued: The problem is likely a lack of manpower, not deliberate shoddiness
Gemini Links 17/02/2025: Ideal OS, AuraRepo Alpha, and Simple Code: Links for the day
The "Cool Kids" Are Already Using GNU/Linux, Microsoft is Just Cheating: The future and the present are Linux
Links 17/02/2025: War on Dissent and Bloggers, Nationalism a Growing Theme: Links for the day
IBM Going International (and India): It's Monday and a national holiday
GeekWire: Microsoft Bribes Us While We Cover Microsoft Affairs (Spin Doctoring), Hence We Are "Independent": What good is a "journalist" sponsored by the very same company he or she writes about?
The Attacks on LinuxQuestions.org: Going to Clownflare only worsens the problem
The GNU Manifesto Turns 40 Next Month: The guardian of Free software (definition, licences, philosophy, hosting and so on) has managed to endure and persevere for 40 years. Very few others can say the same.
Microsoft Lunduke Belongs in 4Chan: Assuming Microsoft Lunduke is aware of the full context, he is now trolling not one but two decent organisations
In Europe and in India Richard Stallman Need Not Duck Anymore, People Trying to Cancel His Talk Have No Sway: the last time a talk by Dr. Stallman got canceled was about a year ago
Back From a Short Break: We can now resume and try to stick to the usual pace
Links 17/02/2025: LLMs Failing and Patreon Support Becoming a Burden to Bloggers: Links for the day
Links 17/02/2025: Blogroll Conundrum; Research, Scientists Under Siege: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, February 16, 2025: IRC logs for Sunday, February 16, 2025
Links 16/02/2025: Nostalgia for Physical Media and the US Government Actively Promotes Pro-Kremlin Politicians in the EU: Links for the day
Gemini Links 16/02/2025:Life, Cynicism, and languages: Links for the day
Links 16/02/2025: Oligarchs "Collect Your Data and Control Your World", Global Temperatures Shoot Up: Links for the day
Promoting Microsoft Windows With LLM Slop: What is the policy at BetaNews regarding LLM slop?
Alex Oliva, the Potential 'Successor' of RMS, Has a New Web Site: More freedom for Alex Oliva
Links 16/02/2025: "Microsoft Is Laying Off Employees" and Internal Dissent Brewing at Facebook Over Regime Complicity: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, February 15, 2025: IRC logs for Saturday, February 15, 2025