Microsoft warns of Windows 7 zero-day flaw


— 4:24 PM on November 16, 2009

Is this the first zero-day security vulnerability in Microsoft's new operating system? According to ComputerWorld, Microsoft has confirmed the presence of a flaw through which attackers could crash Windows 7 and Windows Server 2008 R2 machines.

Reportedly, exploiting the flaw can bog down those operating systems "so thoroughly that the only recourse is to manually power off the computers." Microsoft's security advisory says the flaw has to do with the Server Message Block (SMB) protocol, which is used for file sharing in Windows networks, among other things.

Microsoft spokesperson Dave Forstrom told ComputerWorld, "Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable. . . . The company is not aware of attacks to exploit the reported vulnerability at this time."

ComputerWorld also quotes Microsoft as saying attackers could exploit the vulnerability by tricking someone into opening a malicious address from "any browser." The attacker could then issue "malformed SMB packets" to crash the system. Microsoft hasn't committed to releasing a fix within a certain time frame yet, although it says users who wish to err on the side of caution can block TCP ports 139 and 445 in their firewalls.

   
Register
Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.