RealTime IT News

Did Windows 7 Get Its First Zero-Day Exploit?

Windows 7's commercial debut is still six weeks and change away, but hackers haven't been dozing.

Monday, a hacker named Laurent Gaffie posted what he claims is proof-of-concept code for a zero-day attack on Windows 7 and Windows Vista on the Full Disclosure security blog.

However, after an initial investigation, Microsoft (NASDAQ: MSFT) says it's a tempest in a teapot.

"Although we’re continuing our investigation, we can confirm that Windows 7 is not affected," a Microsoft spokesperson said in an e-mail to InternetNews.com. "We’re currently unaware of any attacks trying to use the claimed vulnerability on Windows Vista or of customer impact," the spokesperson said.

Gaffie responded that the exploit doesn't always work -- but it does exist.

"The Windows 7 case is 'funny.' Many people posted on my blog about that, 50 percent works [but] 50 percent doesn't work," he told InternetNews.com in an e-mail. "I guess some versions don't use the same driver," he added.

Late Tuesday, the Internet Storm Center (ISC) confirmed that the exploit works. "We have confirmed it affects Windows 7/Vista/Server 2008," said a posting on ISC's site.

The exploit, which some of the commenters on Gaffie's own blog said they have been able to duplicate, so far only causes a denial of service condition that results in Windows 7 and Vista -- and possibly Windows Server 2008 -- exhibiting the dreaded "blue screen of death," or BSOD.

However, other commenters said they believe Gaffie's proof-of-concept code could be easily tweaked to yield a complete system compromise exploit.

XP not affected

In his posts, Gaffie explained that he found the hole in Microsoft's implementation of what is called Server Message Block (SMB) Version 2, which is only found in Vista, Windows 7, and Windows Server 2008. Earlier releases of Windows -- notably XP and 2000, which use SMB1 -- are not affected.

SMB is a network protocol that enables Windows to share files, directories, and devices. SMB2 is an update to the original SMB protocol that reduces the need to make as many round trips between the client and server.

It's not the first time that Windows 7 has been accused of being buggy. A month ago, some netizens insisted that a problem with a hard disk utility called chkdsk consumed too much memory, causing Windows 7 to crash.

Some naysayers even suggested that the chkdsk issue would derail the scheduled October 22 retail shipment of Windows 7. However, Steven Sinofsky, president of the Windows Division, put the kibosh on that thinking in a blog post that declared the problem a non-starter -- not a "show stopper."

"While we appreciate the drama of 'critical bug' and then the pickup of 'showstopper' that I've seen, we might take a step back and realize that this might not have that defcon level," Sinofsky said in the blog post.

Meanwhile, Microsoft's security team has its hands full already this week, issuing the monthly "Patch Tuesday" bug fixes, as well as trying to finish and test a patch for FTP (file transfer protocol) to address a "critical" zero-day hole in older versions of its Internet Information Services Web server technology.

The Microsoft spokesperson said that anyone who feels they've been affected should contact Microsoft's no-charge Security Support site.