A new unpatched bug can crash Windows 7

By siliconindia   |   Thursday, 12 November 2009, 15:08 IST
Bangalore: A day after Microsoft blocked 15 dozen holes in its software, a security researcher disclosed a new unpatched bug in Windows 7 and Server 2008 R2 that, when exploited, locks up the system, requiring a total shutdown to regain control. Microsoft acknowledged that it is investigating the flaw.

Laurent Gaffie posted the details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list. "The attack code crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop," said Gaffie.

Gaffie claimed that the exploit, which relies on a vulnerability in the new operating systems' implementation of SMB (Server Message Block), could be successfully launched from within a network from an already compromised computer, or used to attack Windows 7 machines via Internet Explorer (IE) by transmitting a rogue SMB packet to the PC. He also confirmed that, unlike more serious flaws, the Windows 7 SMB bug cannot be used by attackers to hijack a PC.

Microsoft confirmed that the company is looking into Gaffie's claims. "We are investigating new public claims of a possible denial-of-service vulnerability in Windows Server Message Block. Once we're done with the investigation, we will take appropriate action, which may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves," said a Microsoft spokesman.