09.08.09

Gemini version available ♊︎

Vista 7 Less Secure Than Predecessors? Remote BSoD Now Possible!

Posted in Marketing, Microsoft, Security, Vista, Vista 7, Windows at 4:46 am by Dr. Roy Schestowitz

BSoD for Novell

Summary: Vista and Vista 7 can be crashed remotely due to a newly-disclosed vulnerability

SO, Microsoft rewrote some networking components for Windows Vista, which may sound like a positive thing. Security experts warned that Microsoft had simply abandoned mature, well-established BSD code and they were right. Does anyone remember those flaws in Windows 95 which enabled remote computer users to ‘nuke’ their friends and foes (causing their computer to BSoD) given only their IP address? Well, that’s back in Vista 7.

Freshly disclosed: “Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.”

V. BUSINESS IMPACT

An attacker can remotly crash without no user interaction, any Vista/Windows 7 machine with SMB enable. Windows Xp, 2k, are NOT affected as they dont have this driver.

VI. SYSTEMS AFFECTED

Windows Vista/7 All (64b/32b|SP1/SP2 fully updated) and possibly Win Server 2008 as it use the same SMB2.0 driver (not tested).

Wow. That is some serious stuff. What might it do to the already-poor track record of Vista 7 in security? The Register wrote about the death of the “Vista” brand and it might be just a matter of time before Vista 7′s brand is tarnished to the same extent.

Microsoft spent an absolute fortune on the Vista brand. In marketing terms, the Vista campaign was huge by any standards, and was a big success insofar as raising awareness of Microsoft’s next-generation Windows offering was concerned.

Sounds familiar? Vista 7 is Vista all over again; the resemblance in terms of hype and marketing is uncanny.

Well, if “Windows 7″ ends up like Vista in the market, then Microsoft will at least have the “Mojave” brand. Microsoft (and its extended ecosystem) can no longer just throw trolls at the problem. The hundreds of millions of dollars spent on building brands and bullying critics [1, 2, 3, 4] do have a limited shelf life.

“I am currently testing the Beta of Win7 in a closed VM environment. I am considering deleting it. It’s actually worse than Vista. Multiple program crashes, refusal to install any software, naff looks and many other complaints.”

Moog

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

7 Comments

  1. David Gerard said,

    September 8, 2009 at 5:04 am

    Gravatar

    I’ve posted this at Slashdot – please vote it up.

  2. Yuhong Bao said,

    September 8, 2009 at 12:13 pm

    Gravatar

    It is Vista/7, not “Vista 7″. This probably got confused by the fact that BN calls 7 “Vista 7″, which can easily be confused with “Vista/7″ which is different. I don’t use this name myself.

    Roy Schestowitz Reply:
    September 8th, 2009 at 12:30 pm

    Those two are very similar. Underneath they are virtually the same and the above proves it.

    Yuhong Bao Reply:
    September 8th, 2009 at 2:06 pm

    I would not go that far, but yes there are indeed many similarities between Vista and 7. In this case, the key similarity is that they both support SMB 2.0, which was a new version of the SMB protocol introduced with Vista.

    Roy Schestowitz Reply:
    September 8th, 2009 at 2:39 pm

    Underneath, however, the same codebase is more or less shared. It’s not about this one flaw in particular.

    Yuhong Bao Reply:
    September 8th, 2009 at 3:41 pm

    7 have many modifications to the Vista codebase. But yes indeed there is indeed many similarities to Vista in 7, certainly more similarities than Vista was compared to XP. Not that this makes Vista/7 bad IMO, but still.

  3. Yuhong Bao said,

    September 8, 2009 at 10:04 pm

    Gravatar

    Ars Technica reports that MS has issued a security advisory concerning this issue, saying 7 is not affected:
    http://arstechnica.com/microsoft/news/2009/09/new-flaw-can-remotely-crash-windows-vista-and-windows-7.ars

DecorWhat Else is New

  1. Links 29/03/2023: Parted 3.5.28 and Blender 3.5

    Links for the day

  2. Links 29/03/2023: New Finnix and EasyOS Kirkstone 5.2

    Links for the day

  3. IRC Proceedings: Tuesday, March 28, 2023

    IRC logs for Tuesday, March 28, 2023

  4. [Meme] Fraud Seems Standard to Standard Life

    Sirius ‘Open Source’ has embezzled and defrauded staff; now it is being protected (delaying and stonewalling tactics) by those who helped facilitate the robbery

  5. 3 Months to Progress Pension Fraud Investigations in the United Kingdom

    Based on our experiences and findings, one simply cannot rely on pension providers to take fraud seriously (we’ve been working as a group on this); all they want is the money and risk does not seem to bother them, even when there’s an actual crime associated with pension-related activities

  6. 36,000 Soon

    Techrights is still growing; in WordPress alone (not the entire site) we’re fast approaching 36,000 posts; in Gemini it’s almost 45,500 pages and our IRC community turns 15 soon

  7. Contrary to What Bribed (by Microsoft) Media Keeps Saying, Bing is in a Freefall and Bing Staff is Being Laid Off (No, Chatbots Are Not Search and Do Not Substitute Web Pages!)

    Chatbots/chaffbot media noise (chaff) needs to be disregarded; Microsoft has no solid search strategy, just lots and lots of layoffs that never end this year (Microsoft distracts shareholders with chaffbot hype/vapourware each time a wave of layoffs starts, giving financial incentives for publishers to not even mention these; right now it’s GitHub again, with NDAs signed to hide that it is happening)

  8. Full RMS Talk ('A Tour of Malicious Software') Uploaded 10 Hours Ago

    The talk is entitled "A tour of malicious software, with a typical cell phone as example." Richard Stallman is speaking about the free software movement and your freedom. His speech is nontechnical. The talk was given on March 17, 2023 in Somerville, MA.

  9. Links 28/03/2023: KPhotoAlbum 5.10.0 and QSoas 3.2

    Links for the day

  10. The Rumours Were Right: Many More Microsoft Layoffs This Week, Another Round of GitHub Layoffs

    Another round of GitHub layoffs (not the first [1, 2]; won’t be the last) and many more Microsoft layoffs; this isn’t related to the numbers disclosed by Microsoft back in January, but Microsoft uses or misuses NDAs to hide what’s truly going on

  11. All of Microsoft's Strategic Areas Have Layoffs This Year

    Microsoft’s supposedly strategic/future areas — gaming (trying to debt-load or offload debt to other companies), so-called ‘security’, “clown computing” (Azure), and “Hey Hi” (chaffbots etc.) — have all had layoffs this year; it’s clear that the company is having a serious existential crisis in spite of Trump’s and Biden’s bailouts (a wave of layoffs every month this year) and is just bluffing/stuffing the media with chaffbots cruft (puff pieces/misinformation) to keep shareholders distracted, asking them for patience and faking demand for the chaffbots (whilst laying off Bing staff, too)

  12. Links 28/03/2023: Pitivi 2023.03 is Out, Yet More Microsoft Layoffs (Now in Israel)

    Links for the day

  13. IRC Proceedings: Monday, March 27, 2023

    IRC logs for Monday, March 27, 2023

  14. Links 27/03/2023: GnuCash 5.0 and Ubuntu 20.04 LTS on Phones

    Links for the day

  15. Links 27/03/2023: Twitter Source Code Published (But Not Intentionally)

    Links for the day

  16. IRC Proceedings: Sunday, March 26, 2023

    IRC logs for Sunday, March 26, 2023

  17. Links 26/03/2023: OpenMandriva ROME 23.03, Texinfo 7.0.3, and KBibTeX 0.10.0

    Links for the day

  18. The World Wide Web is a Cesspit of Misinformation. Let's Do Something About It.

    It would be nice to make the Web a safer space for information and accuracy (actual facts) rather than a “Safe Space” for oversensitive companies and powerful people who cannot tolerate criticism; The Web needs to become more like today's Gemini, free of corporate influence and all other forms of covert nuisance

  19. Ryan Farmer: I’m Back After WordPress.com Deleted My Blog Over the Weekend

    Reprinted with permission from Ryan

  20. Civil Liberties Threatened Online and Offline

    A “society of sheeple” (a term used by Richard Stallman last week in his speech) is being “herded” online and offline; the video covers examples both online and offline, the latter being absence of ATMs or lack of properly-functioning ATMs (a growing problem lately, at least where I live)

  21. Techrights Develops Free Software to Separate the Wheat From the Chaff

    In order to separate the wheat from the chaff we’ve been working on simple, modular tools that process news and help curate the Web, basically removing the noise to squeeze out the signal

  22. Links 26/03/2023: MidnightBSD 3.0 and FreeBSD 13.2 RC4

    Links for the day

  23. IRC Proceedings: Saturday, March 25, 2023

    IRC logs for Saturday, March 25, 2023

  24. Links 26/03/2023: More TikTok Bans

    Links for the day

  25. Links 25/03/2023: Gordon Moore (of Moore's Law) is Dead

    Links for the day

  26. Links 25/03/2023: Decade of Docker, Azure Broken Again

    Links for the day

  27. [Meme] Money Deducted in Payslips, But Nothing in Pensions

    Sirius ‘Open Source’ has stolen money from staff (in secret)

  28. IRC Proceedings: Friday, March 24, 2023

    IRC Proceedings: Friday, March 24, 2023

  29. The Corporate Media is Not Reporting Large-Scale Microsoft Layoffs (Too Busy With Chaffbot Puff Pieces), Leaks Required to Prove That More Layoffs Are Happening

    Just as we noted days ago, there are yet more Microsoft layoffs, but the mainstream media gets bribed to go “gaga” over vapourware and chaffbots (making chaff like “Bill Gates Says” pieces) instead of reporting actual news about Microsoft

  30. Sirius 'Open Source' Pensiongate: Time to Issue a Warrant of Arrest and Extradite the Fake 'Founder' of Sirius

    Sirius ‘Open Source’ is collapsing, but that does not mean that it can dodge accountability for crimes (e.g. money that it silently stole from its staff since at least 12 years ago)

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts