On The Insider: Britney's Bikini-Clad Top 10
BNET Business Network:
BNET
TechRepublic
ZDNet
36 TalkBacks

By Tom Espiner ZDNet UK
Posted on ZDNet News: Sep 08, 2009 8:23:04 AM

A security researcher has said there is a zero-day vulnerability affecting Windows 7 and Vista.

The flaw in Windows 7 could allow an attack which would cause a critical system error, or "Blue Screen of Death", according to researcher Laurent Gaffie.

Gaffie wrote in his blog that the flaw lies in a Server Message Block 2 (SMB2) driver.

"SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality," wrote Gaffie in a blog post on Monday.

Gaffie said he had contacted Microsoft. Comments on his blog by other users said that the flaw could lead not only to denial of service, but could also lead to remote code execution.

Computer security publication 'The H' wrote on Tuesday that its German sister publication had tested the proof-of-concept code, and that while the exploit had caused a reboot on Vista, the exploit had not worked on Windows 7.

Metasploit creator HD Moore said in a tweet on Tuesday that an SMB bug appeared to have been introduced into Vista SP1. Coder Josh Goebel said in a blog post that he had added the exploit code to Metasploit.

Microsoft had not responded to a request for comment at the time of writing.

This article was originally posted on ZDNet UK.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 36 Talkback(s)
RE: Windows zero-day reported
wondering why I blue screened in vista the other day I wonder wonder wonder... (Read the rest)
Posted by: BillyBell89 Posted on: 10/08/09 You are currently: a Guest | | Terms of Use
Oh my god, a piece of software has an error!  JasonJD48 | 09/08/09
RE: Windows zero-day reported  gertruded | 09/08/09
Daily?  mgp3 | 09/08/09
Oh my god, an exaggeration on a blog!  AzuMao | 09/09/09
RE: Windows zero-day reported  znetlol | 09/08/09
It's your assertion Linux doesn't have vulnerabilities?  ye | 09/08/09
You are right  JMGM | 09/08/09
Indeed  gnesterenko | 09/08/09
Of course  Viva la crank dodo | 09/08/09
Really?  Tim Patterson | 09/08/09
Need we?  gnesterenko | 09/09/09
Known vulnerabilities  sabroad | 09/10/09
Nope. If anything, stuff in Linux gets fixed faster than Windows.  AzuMao | 09/11/09
Your point being? nt  ye | 09/08/09
Point being you don't get what you pay for you nowadays.  AzuMao | 09/11/09
That's a really stupid interpretation.  AzuMao | 09/09/09
That one  gnesterenko | 09/11/09
Nope  AzuMao | 09/11/09
Stupid assertion...  linuxer | 09/12/09
******  Hiveon | 09/13/09
and you missed  rdawson@... | 10/08/09
You're the one getting angry and swearing.. perhaps YOU should chill out.  AzuMao | 10/08/09
good for you  magallanes | 09/09/09
Re: RE: Windows zero-day reported  st1ng | 09/11/09
Windows Firewall blocks the exploit  directory | 09/08/09
In addition  gnesterenko | 09/08/09
Win 7 is released code  James.VanOeffelen@... | 09/08/09
It will probably be in  Erroneous | 09/08/09
Even more then that  gnesterenko | 09/09/09
Huh? It's already been released to manufacturing.  AzuMao | 09/11/09
Hmmmmm...  macpipkin | 09/08/09
You only JUST NOW figured that out? Haha..  AzuMao | 09/09/09
Are you contradicting yourself?  davidcorley@... | 09/09/09
This might explain the Vista machines with the BSOD  bobdavis321 | 10/08/09
Big Whoop!  richdave | 10/08/09
RE: Windows zero-day reported  BillyBell89 | 10/08/09

What do you think?

SmartPlanet

Click Here