toggle

AAPL Stock: 113.74 ( + 0.45 )

Printed from http://www.macnn.com

Windows 7 allows remote blue-screen attacks [U]

updated 11:50 am EDT, Tue September 8, 2009

Windows 7 returns remote BSOD

(Updated with Microsoft advisory) Windows 7 when it ships next month will be vulnerable to an attack that hasn't been possible since 1999, a new vulnerability found by a security researcher shows. Sending a deliberately malformed network negotiation request can force a Windows 7 system into a page fault that triggers a "blue screen of death" error, even without the user's help in launching the code. The attack affects both 32-bit and 64-bit versions of the OS.

The flaw stems from the rewritten network stack inherited from Vista, which itself has also been discovered as vulnerable to the attack. Although Microsoft had patched the exploits out of Windows 2000 and XP, the complete overhaul is now thought to reintroduce a problem that hasn't existed since earlier Windows releases.

Microsoft has been told of the exploit but hasn't yet released a patch; users of the newer operating systems are being asked to switch off the Server Message Block (SMB) feature or block its access entirely until a fix is available.

The attack comes at a particularly inopportune time for Microsoft, as it has been trying to market Windows 7 as its most secure release and is in the rare circumstance of having to compete against another major operating system release, Mac OS X Snow Leopard. Apple's software isn't necessarily more secure but typically hasn't been vulnerable to remote attacks that disable the system and has gotten more secure with the latest release, whose 64-bit memory space prevents certain kinds of memory attacks from working properly.

Update: Microsoft has issued an advisory that claims the finished versions of Windows 7 and Windows Server 2008 R2 aren't affected, but Windows Vista remains compromised.




by MacNN Staff

toggle

Comments

  1. jpellino

    Joined: Dec 1969

    +7

    New Slogan:

    "The Windows Vista look you love, the Windows ME bugs you crave!"

  1. climacs

    Joined: Dec 1969

    0

    New Slogan part deux:

    "The paying for betaware which you remember so fondly from Vista!"

  1. slapppy

    Joined: Dec 1969

    +3

    Without user intervention

    Without user intervention, action, heck just looking at the site screws up Windows 7? What a POS! LOL

  1. DeezNutts

    Joined: Dec 1969

    +4

    Works a treat


    I just tested this with some python script from my Mac Mini, BSOD'ed my Windows 7 laptop the moment I ran the script the first time. Works like a champ. lol.

    This appears to not work over a WAN like the internet, but works on the LAN side. Still has use though and I can see 'playing' with some of our Win Vista/7 users at work :)

  1. Mr. Strat

    Joined: Dec 1969

    -2

    All I can say is...

  1. ricardogf

    Joined: Dec 1969

    +1

    New Slogan part trois:

    "Windows 7, because Testudo loves a BSOD"

  1. gitcypher

    Joined: Dec 1969

    +4

    Hmmm

    That makes me want to keep my wireless net open. Anyone who abuses my bandwidth with get a swift BSOD care of me.

  1. lrojas

    Joined: Dec 1969

    +1

    Awsome!

    Does this mean, we get to launch trumpet a couple of times more again? ohh please, someone remake trumpet again!

  1. testudo

    Joined: Dec 1969

    +3

    Wrong

    Windows 7 when it ships next month will be vulnerable to an attack that hasn't been possible since 1999, a new vulnerability found by a security researcher shows.The flaw stems from the rewritten network stack inherited from Vista, which itself has also been discovered as vulnerable to the attack.

    Um, if it occurs in Windows Vista, doesn't that make the whole statement false? It's been possible to do this, apparently, since 2007 (or 2006, whenever Vista came out).

  1. hardmanb

    Joined: Dec 1969

    -1

    Same old leaky Windows

    "Windows 7 when it ships next month will be vulnerable to an attack that hasn't been possible since 1999, a new vulnerability found by a security researcher shows," Electronista reports.

    http://www.electronista.com/articles/09/09/08/windows.7.returns.remote.bsod/

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...

MSI Geforce GTX 970 100ME

When Nvidia announced a new line of video cards in September 2014, many people thought things would continue to be business as usual i ...

Wren V5US Wireless Sound System

If you're a music fanatic, chances are you are, by extension, a bit fanatical about what you listen to your music on. If you're like ...

toggle

Most Commented