Categories: PCSecurityWorkspace

Microsoft Confirms First Ever Windows 7 Bug

Microsoft has hurriedly issued a security advisory in order to help users concerned about a new zero-day vulnerability with Windows 7, as well as Windows Server 2008 R2.

Reports of the security vulnerability first came to light after last week’s Patch Tuesday, when researcher Laurent Gaffie revealed that the bug can be exploited to remotely trigger a denial-of-service condition in Windows 7 and Windows Server 2008 R2. Gaffie posted proof-of-concept code to the Full Disclosure mailing list and his personal blog last week.

The bug he uncovered lies within the Server Message Block (SMB) protocol and affects SMB versions 1 and 2, the advisory states. SMB is the file-sharing protocol used by default on Windows-based computers.

According to Microsoft, users can block TCP ports 139 and 445 at the firewall to defend themselves against exploits. Instructions on how to do that are contained within the advisory. Several Windows services use the affected ports, so blocking connectivity to the ports may cause various applications or services to stop functioning, Microsoft warned.

“Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable,” Dave Forstrom, group manager of public relations for Microsoft Trustworthy Computing, said in a statement. “If exploited, this DoS vulnerability would not allow an attacker to take control of, or install malware on, the customer’s system but could cause the affected system to stop responding until manually restarted. It is important to note that the default firewall settings on Windows 7 will help block attempts to exploit this issue.”

According to the advisory, the issue can be exploited through web transactions regardless of browser type.

“In a web-based attack scenario, an attacker would have to host a web page that contains a specially crafted URI,” the advisory states. “A user that browsed to that website will force an SMB connection to an SMB server controlled by the attacker, which would then send a malicious response back to the user. This response would cause the user’s system to stop responding until manually restarted.

“In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability,” the advisory continues.” An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s site.”

Microsoft noted that the vulnerability is unrelated to MS09-050, which addressed three security issues affecting SMB Version 2.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

US Finalises Billions In Awards To Samsung, Texas Instruments

US finalises $4.7bn award to Samsung Electronics, $1.6bn to Texas Instruments to boost domestic chip…

7 mins ago

OpenAI Starts Testing New ‘Reasoning’ AI Model

OpenAI begins safety testing of new model o3 that uses 'reasoning' process to ensure reliability…

36 mins ago

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

1 hour ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

2 hours ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

2 hours ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

3 hours ago