Windows 7 Gets Its First 'Zero Day'

REALTIME IT NEWS

Blogs | 7 Day Summary | JustTechJobs

Hardware
- Dell Charges LCD Makers With ...
- Big Tech Teams on Google TV
- Fujitsu Intros new Xeon ...
Software
- IBM Gains Partners for ...
- Google Fixes Its Browser ...
- Virtualization Seen as ...
Mobility
- Droid Upgrade to Android 2.1 ...
- Google Denied Trademark for ...
- Sprint the Latest Nexus One ...
Web Content
- Facebook Trumps Google
- Looking Back on 25 Years of ...
- Google Hires XML Co-Creator ...
Search
- Google May Be Set to Depart ...
- Bing Continues to Gain Share
- Bing Makes Strides But ...
Government
- Senate Cybersecurity Bill ...
- Federal CTO Looks to ...
- Broadband Plan Sparks ...
Developer
- Open Source Business Models ...
- Novell Teams With Ingres for ...
- CodePlex Launches Network ...
Business
- Palm's Outlook Hazy as Pre, ...
- Is Google Trying to ...
- IDC Sees PC Market Rebound ...
Storage
- EMC Lays Out Global Storage ...
- Symantec Takes on ...
- Google Highlights Disaster ...
E-Commerce
- Google, BofA Lauded For Web ...
- Google Offers Local Product ...
- Firms Casting a Wide Net for ...
Networking
- Alcatel-Lucent Update ...
- Comcast Uses Open Source for ...
- VeriSign Planning $300 ...

Blogs
Most Popular
Hot Topics
Opinion

BroCo fires back on hacking, stock manipulation claims

Internet Explorer 9 vs Firefox 3.7 : Open beats Closed

Dot Com Turns 25: How Failure Turned to Success

Comcast CEO defends NBC deal, unsure on Hulu

Time for Google's Eric Schmidt to go?

Firefox 3.6.2 Coming March 30th - Where is 3.6.1?

First Fedora 13 Linux Alpha Shows Promise

Mozilla Apologies Over Jetpack Mockup Design

Does Oracle Losing Sun's Open Source Chief Matter?

Google Summer of Code 2010 Kicks Off

[ More ]

Subscribe
Learn More
Stats
Contact Staff

Select a newsletter and click Join to sign up!

InternetNews.com Podcast

InternetNews.com
Channel XML/RSS Feeds

Enterprise IT Planet News

Click a Topic to Expand

The Social Web

The New Idiot Box

Feeling the Need for RSS Feeds

Web Services Management

Web services: Evolution or Revolution

Making Money Off The Social Web

The Lure of The Social Network

The Privacy of Social Networking

My Grand Google Obsession

Coding Google's Future

Google Fun in The Summer

Google Pushes Apps

Google's Data Ambitions

Google's IPO

Google's Way With Words

Google, Opponents Square Off in DoubleClick Bid

Microsoft's Past Present And Future

The Vista Ripple Effect

A New Era For Microsoft

Eolas, Microsoft Duke it Out over ActiveX

Microsoft Preps Security Makeover for XP

Microsoft's Security Challenge

Microsoft's Storage Ambitions

Microsoft, AOL Become Partners

Microsoft/Yahoo: Can It Work?

Sun, Microsoft Bandage Old Wounds

The Next Microsoft Era

Truth Time at Microsoft's PDC

XML, Microsoft Threaten Adobe's PDF Format

Will Office 2003 Change Everything?

Mobile Universe

Motorola in Trouble

City-Wide Wi-Fi

Connected in The Windy City

Ultrawideband in the Home

Wi-Fi's Hotspots

CTIA in The Big Easy

Technology, Policy and Politics

3G at Home and Abroad

The Competitive Mobile Landscape

CTIA: A Wireless World in Sin City

Gadget Fest: CTIA Wireless 2008

Wireless Policy in Washington

Cradle to Grave Information Management

Disaster Recovery and Continuity

The Storage Compliance Boom

Compliance, Regulation And Storage

Calling all Clusters, Supercomputers

Betting on BPM

Database Software Continues to Evolve

Tech's Legal Battles

Google in Court

RIM Has Patent Issues

Microsoft In Court

Technology in the Courts

End of the IE Antitrust Case

Microsoft's Legal Struggles

The AMD/Intel Antitrust Showdown

A Patent Battle on eBay Territory

Google, Microsoft and Yahoo's Three-Way Search Battle

Calling Net Neutrality

Microsoft's EU Blues

Vonage on The Patent Hot Seat

Platforms and New Packages

VMware and the Virtualization Craze

Virtualization for All

SOAs in The Enterprise

Application Server Biz on the Rebound

Curtain Drawn on Windows Server 2003

SaaS in The Market

Struggling to Stay Atop the Server Market

Web Standards Bodies Fight for Freedom

Open Source Ecosystem

Microsoft: Loosening the Grip on Source

Showcasing Java

Sun a 'Tiger' at JavaOne

The Future of Java

GPL: Software Freedom Redefined

Linux in the Enterprise

Linux on the Desktop

LinuxWorld 04: A More Mature Tux

LinuxWorld Storms San Francisco

LinuxWorld Takes Boston

LinuxWorld by the Bay

Oracle's Linux Realm

SCO Declares War on Linux

The Growth of Linux-Based Storage

The Linux Kernel

Novell, Microsoft in Open Dance

Open Source Open for Business

Open-source Databases Gathering Steam

Oracle Plants Flag at OpenWorld 2006

Evolution of Search

Competing for the Search Lead

Enterprise Search Ready for Prime Time

Mobile Search Takes Flight

Racing To Dominate Desktop Search

Search And Censorship

Search Engine Optimization

Search Meets Mapping

Thinner Slices of The Paid Search Pie


Partner With Us

Windows 7 Gets Its First 'Zero Day'

Blogger that found earlier Windows bug claims to have found a hole in Windows 7.

Share this Article

Twitter

FriendFeed

Print this Article

Comment on this article

Email this Article

November 12, 2009
By Stuart J. Johnston: More stories by this author:

Windows 7 hasn't even been on the street for a month, yet one hacker has already found what he claims is a zero-day (define) vulnerability -- albeit so far the result of an attack is simply to crash the new system.

Hacker Laurent Gaffié, who last August found a problem in the "release candidate" (RC) version of Microsoft (NASDAQ: MSFT) Windows 7, announced his find on Wednesday. He also published proof-of-concept code to cause such crashes.

After some controversy last summer, Microsoft said that the bug Gaffié found that time affected some late, pre-release code, but that it did not impact the final released Windows 7 code.

The company subsequently patched the hole in affected operating systems in October.

Microsoft's Newest Biggest Bug Patch Ever
Windows 7 Won't Include Zero-Day Flaw: Microsoft
Is Windows 7 on Patch Tuesday Agenda?
Hackers May Force Microsoft's Hand on SMB2 Bug
Microsoft's Patch Tuesday Targets Fewer Holes

Microsoft did patch a pair of "important" security holes in Windows 7 in its October Patch Tuesday bug fix drop. However, they were not rated rated as "critical" -- the top tier of Microsoft's four-tier bug severity scale.

As last time, Gaffié publicized his latest find on his own blog, as well as the Full Disclosure blog site.

The bug that Gaffié found this time is related to the same problem he found last summer. It resides in a networking protocol called System Message Block or SMB. While the hole he found in August was only related to version two -- known as SMB2 -- the new hole affects both SMB1 and SMB2.

"Whatever your firewall is set to, you can get remotely smashed via IE [Internet Explorer] or even via some broadcasting [NetBIOS Name Service] tricks (no user interaction)," Gaffié said in his blog post.

LATEST NEWS

Smartphones Advance, Subscriber Growth Slows

Google May Be Set to Depart China Soon

Alcatel-Lucent Update Wireless Network Gear

Comcast Uses Open Source for IPv6 Deployment

IBM Gains Partners for LotusLive in the Cloud

The result, he said, is to cause a software kernel crash in either Windows 7 or in Windows Server 2008 Release 2 (R2). The crash causes a denial-of-service but doesn't compromise the user's PC -- at least not so far.

So far, Microsoft has said only that it's looking into the issue.

"Microsoft is investigating new public claims of a possible Denial-of-Service vulnerability in Windows Server Message Block. We’re currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," Christopher Budd, security response communications lead at Microsoft, said in an e-mail.

"Once we’re done investigating, we will take appropriate action to help protect customers," Budd added.

Microsoft only earlier this week patched several critical bugs when it released its November Patch Tuesday fixes.

TAGS: Microsoft, vulnerabilities, security, Windows 7, zero-day

Share this Article

Twitter

FriendFeed

Print this Article

Comment on this article

Email this Article

Security Archives | 7 Day InternetNews Summary | Contact Stuart J. Johnston | Back to top

Add internetnews.com
to your browser search box.

IE 7 |

Firefox 2.0 |

Firefox 1.5.x

Receive news
via our XML/RSS:
feed

More InternetNews.com

Hardware	Software	Mobility	Web Content
Cisco Adopts Intel Westmere CPU for UCS Blades IDC Sees PC Market Rebound Through 2014 SGI Joins Xeon Lovefest With Origin Revival	Microsoft and Citrix Join in Virtualization Push IBM Teams With Assurant for Call Center Offering Microsoft Details SP1 for Windows 7, Server 2008	Droid OS Upgrade Could Drop This Week RIM Gives Mobile App Developers a Push Nexus One: Failure or a Late Bloomer?	Google Hires XML Co-Creator in Android Push Twitter Takes Geo-Location Feature Live Awareness Helps Firms Manage Social Networks
Search	Government	Developer	Business
Bing Makes Strides But Momentum Stalls Google, Microsoft & Yahoo Tout Real-Time Results Ballmer Happy With Bing's Progress	Broadband Plan Sparks Spectrum, USF Squabbles FTC Raps Weak Privacy in the Cloud, Social Media Microsoft Comes up Short in Another Patent Case	Microsoft Previews IE 9 Google's Open Source Project-Hosting Milestone Microsoft Offers Silverlight 4 Release Candidate	Red Hat CEO Pitches Open Source for Innovation IT Buyers Gravitating Toward Windows 7 Russian Hackers Manipulated Stock Prices: SEC
Storage	E-Commerce	Networking	Security
Oracle Drops Hitachi Storage for Sun Major Tech Firms Back Online Health Care IBM Offers Mainframe Data Deduplication	CyberSource, ThreatMetrix Team for ID Security Apple's iTunes Hits 10 Billion Download Mark Google Upgrades DoubleClick Ad Server	Cisco Advances Borderless Network Push Blue Coat Virtualizes WAN Acceleration ICANN, .Org Pressing Ahead With DNSSEC	FBI Says Cybercrime Skyrocketing What Microsoft Learned From Botnet Takedown Core Security Identifies Virtual PC Hole

New Openings

Risk Developer - C# - T-SQL - ASP.Net (IL) SALES EXECUTIVE - Technology Sales - New Business (NoCA) Data Warehouse Architect (IL)

Senior Developer – C# - C++ - Python - .Net - SQL Server (IL) Database Infrastructure Engineer (NYC) Systems Engineer Sr – Automation – Opsware SAS / HP SA

The Network for Technology Professionals

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Article: Adobe Helps PHP Developers Create Rich Internet Applications
Case Study: Microsoft IT Strengthens Security with Data Loss Prevention Solution
Article: Reduce Your Infrastructure Costs with Microsoft System Center
Intel Brief: Five-Star IT Support--Intel Core 2 processor with vPro Delivers ROI of 524 Percent
Article: Security Enhancements Abound in Windows Server 2008
Article: Enterprise Social Computing with Microsoft SharePoint 2010
Intel Whitepaper: Implementing Intel vPro Technology to Drive Down Client Management Costs

Microsoft Whitepaper: Improve Communications and Collaboration
Intel Article: Intel Core i5 vPro Brings Intelligence to the Processor
Microsoft Personalized Whitepapers and Resources for You
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
Microsoft Whitepaper: Make Better Decisions - SQL Server 2008 Business Intelligence.
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Video: How System Center Helps Reduce IT Costs
IBM Cloud Computing for Developers Virtual Event, April 6-8

Microsoft Video: OCS and Exchange: Platform Futures
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us
Iron Speed Designer Application Generator

MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Learn Unified Communications
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products
Learn Forefront

Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES

RELATED ARTICLES