Laurence Gaffié, a security researcher, has discovered a weakness in Windows 7 and published all the relevant details on the full disclosure mailing list archives at Insecure.org.
The bug has been recognised by Microsoft but its importance has been minimised by the software company. On his blog, Gaffié went as far as providing with a proof of concept which he used to remotely crash Windows 7 (and Windows Server 2008 R2) on a local area network.
Such an attack is also possible through any version of Internet Explorer even older ones (or broadcasting NetBIOS Name Server "trick") even if the system's firewall is activated. The vulnerability, which is found in the Server Message Block (SMB) file sharing protocol, could effectively be used to perform a denial of service (DOS) attack through an infinite loop.
Canada-based Gaffié also maintains that the bug was a "real proof" that Microsoft's Security Development Lifecycle had failed. The temporary solution, according to him would be to, "Close SMB feature and ports, until a real audit is provided." However, the flaw doesn't allow hackers to gain unauthorised remote access to information on any machine.
Microsoft has rapidly released a security advisory and suggests that two ports at the firewall could be blocked to protect users from any external attacks. Older versions of Windows, Vista, Server 2008 R1, Server 2003, Windows 2000 and Windows XP are not affected by the bug.
Our Comments
It was only a matter of time before Microsoft's Windows 7 suffer its first zero-day vulnerability. Microsoft's most secure OS yet. The bug for now doesn't allow hackers to remotely access private data but one can bet that such a gaping hole will be found sooner or later in Windows 7's armour.
Related Links
Microsoft Reacts to Windows 7 0-Day DoS Vulnerability
(Softpedia)
Microsoft working on a fix for a zero-day vulnerability in Windows 7
(Topnews)
First Windows 7 zero day exploit is spotted
(Theinquirer)
Windows 7 , Server 2008R2 Remote Kernel Crash
(Seclist)
Microsoft confirms first Windows 7 zero-day bug
(Computerworld)
Add Your Comment
Follow on Twitter
More Articles
News
Hot Topics
Office web is the latest addition to Microsoft's Office business suite and is set to be the company's most revolutionary version.
Microsoft's 14th version of its award winning, multi-billion dollar cash cow business suite, is the company's most ambitious to date.
Spotify is certainly one of the most popular online music websites in the world which is a feat for a service that was officially launched only in February 2009
Featured Content
- The New Voice of the CIO. 158 CIOs in midsized businesses across 31 countries reveal their insights and vision for enhancing
competitiveness over the next five years.
Download Document
Customer Case Studies
- How a wine wholesaler improved the flow of information
Download full case study
- The server that made an entire university smarter
Download full case study
Videos
Latest Tweets
Comments