
11.12.09

Vista 7 Exploit is Out (Zero-Day Vulnerability)

Posted in Microsoft, Security, Servers, Vista 7, Windows at 12:11 pm by Roy Schestowitz


Summary: Vista 7 and Server 2008 R2 both suffer from a zero-day hole and there is no solution to it yet

VISTA 7 was never a secure operating system, not even when it was in beta. To give a sample of posts on that matter:

The reality of this matter is that Vista 7, as expected, has a very major new flaw, which is already being exploited:

This bug is a real proof that SDL #FAIL
The bug triggers an infinite loop on smb{1,2}, pre-auth, no credential needed…
Can be triggered outside the LAN via (IE*)

It sure sounds familiar and Microsoft does not deny it.

Microsoft probing Windows 7 zero-day hole

Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.

[...]

Gaffié also posted proof-of-concept code for the “Windows 7, Server 2008R2 Remote Kernel Crash.”

“It is an error in the SMB protocol,” says one person, “and it sends the machine into an infinite loop. Power cycle or reset time it is.”

A reader of ours asks: “Isn’t this a repeat of the teardrops-like exploit from this summer / fall?

“If so, then the reporters seem to think they can get away with [fooling] the public as to how long Microsoft is taking to patch their problems.”

Update: The Windows kernel has just had critical holes addressed, but the above remains unpatched.

Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer.

One of our readers was unable to find out if the RBS disaster has Windows to blame. It’s too secretive.
