TechNewsWorld.com

Microsoft Addresses Prickly Pair of Windows 7 Flaws


Microsoft has responded to two publicly disclosed vulnerabilities in its newest operating system, Windows 7: it issued a security advisory for one and acknowledged the other. One flaw could let attackers execute code remotely; the other could let them lock a machine into an infinite loop in the kernel. Proof-of-concept code for both has been published on the Web. None of the fixes in Microsoft's latest Patch Tuesday package, issued less than a week ago, targeted Windows 7.



Windows 7, which was publicly released Oct. 22, has been hit by at least two security flaws.

One lets an attacker execute code remotely; the other lets a remote attacker trigger an infinite loop in the kernel, locking up the machine in a denial of service.

Both are flaws in SMBv2, security researcher Laurent Gaffie, who posted details about them on his blog, told TechNewsWorld.

The Windows 7 Bugs

SMB, or Server Message Block, is a Microsoft (Nasdaq: MSFT) file-sharing protocol used in Windows. It is most often carried over NetBIOS over TCP/IP (TCP port 139) or directly over TCP (port 445). SMBv2 is a major revision of the SMB protocol, using different packet formats from SMBv1 and adding several enhancements.

Microsoft posted Security Advisory 977544 on Nov. 13, stating that the company is investigating reports of a possible denial of service vulnerability in the SMB protocol. The vulnerability affects Windows 7 on 32-bit and x64-based systems, and Windows Server 2008 R2 on x64-based and Intel (Nasdaq: INTC) Itanium-based systems. It may be exploited through Web transactions using any browser, the advisory stated, that is, by luring a user to a page that makes the browser connect to a malicious SMB server.

However, hackers cannot use the vulnerability to take control of or install malicious software on a user's system, the advisory noted. Microsoft is developing a security update to address this vulnerability, although it declined comment on how critical this flaw is. "We cannot comment on the severity of the issue at this time," Dave Forstrom, group manager of public relations for Microsoft Trustworthy Computing, told TechNewsWorld.

This exploit is more of a nuisance than anything else, Wolfgang Kandek, chief technology officer at Qualys, told TechNewsWorld. It involves tricking an end user into clicking a link to a server with a malicious configuration, and it only locks up one machine, he pointed out. "An attacker who goes through the trouble of tricking users to click on a link will use an exploit that allows him to control the target machine after execution," Kandek explained.

Forstrom would not confirm that the advisory was issued in response to Gaffie's blog.

Redmond also pointed to a National Vulnerability Database listing of a bug in the kernel that lets remote SMB servers cause a denial of service on computers running Windows Server 2008 R2 and Windows 7. The attack comes through an SMBv1 or SMBv2 reply packet containing a NetBIOS header with an incorrect length value, the listing stated.

The kernel flaw is under review for a Common Vulnerabilities and Exposures (CVE) identifier in the National Vulnerability Database.

Gaffie Lists Windows Gaffes

Gaffie discovered both flaws while working on other issues with Microsoft and other vendors, he said. He released the information "to make sure Microsoft acknowledges security issues and patches the flaws as soon as possible and with transparency," he explained.

On Nov. 11, Gaffie published news of a denial of service flaw in Windows 7 on his blog. It triggers an infinite loop in the SMBv1 or SMBv2 client code, and it is the flaw referred to in the National Vulnerability Database listing.

The bug can be triggered from outside the user's local area network, Gaffie wrote, for example by getting the user's Internet Explorer to load a page that points it at an attacker-controlled SMB server. "The bug is so noob, it should have been spotted two years ago by the SDL if the SDL had ever existed," he wrote.

SDL is the Security Development Lifecycle. It is part of Microsoft's Trustworthy Computing Initiative. "The SDL is useful, and provides more secure software to users, but in this case it failed, as Microsoft probably focused way too much on Internet Explorer and the Office suite, and critical services run with kernel privileges such as SMB are not well covered by this process," Gaffie said.

Microsoft could have discovered this flaw easily, Gaffie said. "If they'd launched a fuzzer on SMB, they would have found the bug in two minutes," he explained. Gaffie was referring to fuzz testing, a software testing technique that feeds invalid, unexpected or random data to the inputs of a program and watches for crashes, hangs and other misbehavior. File formats and network protocols are the most common targets of fuzz testing, and a length field that the code trusts without checking is exactly the kind of input a fuzzer exercises first.
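As an added illustration, not code from the article, from Microsoft or from Gaffie, the Python below models the bug class the NVD listing names: an SMB client that trusts the length value in a NetBIOS session header, next to a checked reader, and a fuzzer that mutates only that 3-byte length field, the kind of run Gaffie is describing. The fake socket, the sample SMB2 header, the trusting and checked readers and the length cap are all constructed for this example; the real Windows code path is not public and this does not reproduce it.

```python
import random
import struct

# NetBIOS session service framing: 1-byte message type, then a 3-byte
# big-endian length of the SMB message that follows (illustrative model).
NBT_HEADER_LEN = 4
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_HEADER_LEN = 32   # fixed SMB1 header size
SMB2_HEADER_LEN = 64   # fixed SMB2 header size; its StructureSize field says 64


class MalformedPacket(ValueError):
    """Raised by the checked reader for any frame it refuses to trust."""


class FakePeer:
    """Constructed stand-in for the TCP socket to a malicious SMB server:
    hands out the attacker's bytes, then returns b'' forever (peer closed)."""

    def __init__(self, data: bytes):
        self._data, self._pos = data, 0

    def recv(self, n: int) -> bytes:
        chunk = self._data[self._pos:self._pos + n]
        self._pos += len(chunk)
        return chunk


def nbt_frame(smb_message: bytes, declared_len=None) -> bytes:
    """Wrap an SMB message in a NetBIOS header; `declared_len` lets a test or
    the fuzzer lie about the length, which is the bug class under discussion."""
    if declared_len is None:
        declared_len = len(smb_message)
    return b"\x00" + (declared_len & 0xFFFFFF).to_bytes(3, "big") + smb_message


def sample_smb2_message() -> bytes:
    """Constructed SMB2 header (protocol id, StructureSize=64, zeroed fields).
    Only the magic and the size matter here; it is not a real request."""
    return SMB2_MAGIC + struct.pack("<H", SMB2_HEADER_LEN) + b"\x00" * (SMB2_HEADER_LEN - 6)


def read_smb_naive(peer, max_steps: int = 1000):
    """Trusting client: reads until it holds as many bytes as the server declared.
    Deliberate bug: an empty recv() (server sent less than declared, then closed)
    never breaks the loop.  The step budget only keeps this demo from hanging;
    None stands for the infinite loop a real implementation would enter."""
    header = peer.recv(NBT_HEADER_LEN)
    declared = int.from_bytes(header[1:4], "big")
    buf = b""
    for _ in range(max_steps):
        if len(buf) >= declared:
            return buf
        buf += peer.recv(declared - len(buf))   # BUG: b'' is silently accepted
    return None


def read_smb_checked(peer, max_len: int = 0x1FFFF) -> bytes:
    """Checked client: every length it acts on is validated, and the read loop
    must make progress.  max_len is a resource cap chosen for this example."""
    header = peer.recv(NBT_HEADER_LEN)
    if len(header) != NBT_HEADER_LEN or header[0] != 0x00:
        raise MalformedPacket("bad NetBIOS session header")
    declared = int.from_bytes(header[1:4], "big")
    if declared < 4 or declared > max_len:        # need at least the protocol id
        raise MalformedPacket("implausible declared length %d" % declared)
    buf = bytearray()
    while len(buf) < declared:
        chunk = peer.recv(declared - len(buf))
        if not chunk:                              # progress check: the fix for the spin
            raise MalformedPacket("peer closed after %d of %d bytes" % (len(buf), declared))
        buf += chunk
    msg = bytes(buf)
    if msg.startswith(SMB2_MAGIC):
        if len(msg) < SMB2_HEADER_LEN or struct.unpack_from("<H", msg, 4)[0] != SMB2_HEADER_LEN:
            raise MalformedPacket("bad SMB2 header")
        return msg
    if msg.startswith(SMB1_MAGIC):
        if len(msg) < SMB1_HEADER_LEN:
            raise MalformedPacket("bad SMB1 header")
        return msg
    raise MalformedPacket("not an SMB message")


def fuzz_length_field(reader, trials: int = 200, seed: int = 1):
    """Mutate only the NetBIOS length of a valid frame and feed it to `reader`.
    Returns (stalls, rejected, accepted); a stall is a None result from the
    naive reader, a rejection is a MalformedPacket from the checked one."""
    rng = random.Random(seed)
    msg = sample_smb2_message()
    boundary = [0, 1, 3, 4, len(msg) - 1, len(msg), len(msg) + 1, 0xFFFF, 0xFFFFFF]
    stalls = rejected = accepted = 0
    for i in range(trials):
        declared = boundary[i] if i < len(boundary) else rng.randrange(0, 1 << 24)
        try:
            result = reader(FakePeer(nbt_frame(msg, declared)))
        except MalformedPacket:
            rejected += 1
            continue
        if result is None:
            stalls += 1
        else:
            accepted += 1
    return stalls, rejected, accepted
```

Running `fuzz_length_field(read_smb_naive)` stalls the trusting reader on every declared length larger than the bytes the server actually sends, including two of the nine boundary values and nearly all random ones, which is the class of finding a few seconds of fuzzing surfaces. The same run against `read_smb_checked` produces only `MalformedPacket` rejections plus the one correct frame, because the checked reader bounds the length before using it and treats an empty `recv()` as an error rather than something to wait out.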

On Sept. 7, Gaffie had posted news about an SMBv2 flaw that could let attackers remotely crash any machine running Windows Vista or Windows 7 with SMB enabled.

It's All Par for the Course

Software development is a process, Microsoft's Forstrom said. "It's impossible to completely prevent all vulnerabilities during software development. Microsoft's SDL process is intended to reduce the number of vulnerabilities in software as well as reduce the severity and impact of the ones that occur," he explained.

"There will always be security problems in any operating system," Michael Cherry, senior analyst at Directions on Microsoft, told TechNewsWorld. "There's a real tendency with Windows 7 right now to analyze it to death. It's been less than a month since its release. We need to let a year go by before we come to any conclusions."


By Richard Adhikari