Microsoft Windows 7 Hit By Zero Day Vulnerability - GoFuckYourself.com

DVTimes · 11-15-2009, 08:05 PM

http://www.itproportal.com/www/news/...vulnerability/

Laurence Gaffié, a security researcher, has discovered a weakness in Windows 7 and published all the relevant details on the full disclosure mailing list archives at Insecure.org.

The bug has been recognised by Microsoft but its importance has been minimised by the software company. On his blog, Gaffié went as far as providing with a proof of concept which he used to remotely crash Windows 7 (and Windows Server 2008 R2) on a local area network.

Such an attack is also possible through any version of Internet Explorer even older ones (or broadcasting NetBIOS Name Server "trick") even if the system's firewall is activated. The vulnerability, which is found in the Server Message Block (SMB) file sharing protocol, could effectively be used to perform a denial of service (DOS) attack through an infinite loop.

Canada-based Gaffié also maintains that the bug was a "real proof" that Microsoft's Security Development Lifecycle had failed. The temporary solution, according to him would be to, "Close SMB feature and ports, until a real audit is provided." However, the flaw doesn't allow hackers to gain unauthorised remote access to information on any machine.

Iron Fist · 11-15-2009, 08:19 PM

Yawn.....

11-15-2009, 08:05 PM	#1
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,544	Microsoft Windows 7 Hit By Zero Day Vulnerability http://www.itproportal.com/www/news/...vulnerability/ Laurence Gaffié, a security researcher, has discovered a weakness in Windows 7 and published all the relevant details on the full disclosure mailing list archives at Insecure.org. The bug has been recognised by Microsoft but its importance has been minimised by the software company. On his blog, Gaffié went as far as providing with a proof of concept which he used to remotely crash Windows 7 (and Windows Server 2008 R2) on a local area network. Such an attack is also possible through any version of Internet Explorer even older ones (or broadcasting NetBIOS Name Server "trick") even if the system's firewall is activated. The vulnerability, which is found in the Server Message Block (SMB) file sharing protocol, could effectively be used to perform a denial of service (DOS) attack through an infinite loop. Canada-based Gaffié also maintains that the bug was a "real proof" that Microsoft's Security Development Lifecycle had failed. The temporary solution, according to him would be to, "Close SMB feature and ports, until a real audit is provided." However, the flaw doesn't allow hackers to gain unauthorised remote access to information on any machine. __________________ The Affiliate Program

11-15-2009, 08:19 PM	#2
Iron Fist Too lazy to set a custom title Join Date: Dec 2006 Posts: 23,400	Yawn..... __________________ i like waffles