Linked by Thom Holwerda on Tue 8th Sep 2009 21:58 UTC
Windows
We usually don't report on security flaws, unless they're on platforms that usually don't see such flaws, or when the flaw in question is pretty serious. Well, a new zero-day flaw has been discovered in Windows Vista and Windows 7 which will trigger a blue screen of death using the new SMB 2.0 protocol. Update: Windows 7 RTM and Windows Server 2008 R2 are not affected by the flaw. So, this is less of a problem than expected.
Works great
by Bit_Rapist on Tue 8th Sep 2009 22:05 UTC
Bit_Rapist
Member since:
2005-11-13

It works just peachy. I ran the python script on my mac and was able to take down my Windows 7 machine quite easily ;)

Reply Score: 4

Eye candy
by Eddyspeeder on Tue 8th Sep 2009 22:14 UTC
Eddyspeeder
Member since:
2006-05-10

What, we don't get to see a screenshot?

*puzzled stare*

Reply Score: 2

RE: Eye candy
by UltraZelda64 on Wed 9th Sep 2009 00:42 UTC in reply to "Eye candy"
UltraZelda64 Member since:
2006-12-05

> What, we don't get to see a screenshot?
>
> *puzzled stare*

http://macdailynews.com/index.php/weblog/comments/22329/

Second image down. :p

Reply Score: 5

Or it's a really good...
by mrhasbean on Tue 8th Sep 2009 22:15 UTC
mrhasbean
Member since:
2006-04-03

...time for it to become known, right BEFORE Windows 7 is released. At least Microsoft now has an opportunity to patch it before it is officially released, and download that patch during the initial setup process...

Reply Score: 5

RE: Or it's a really good...
by kallisti5 on Tue 8th Sep 2009 22:36 UTC in reply to "Or it's a really good..."
kallisti5 Member since:
2009-09-08

yeah.. they should have waited till post windows 7... oh well ;)

Reply Score: 1

RE[2]: Or it's a really good...
by mckill on Tue 8th Sep 2009 23:41 UTC in reply to "RE: Or it's a really good..."
mckill Member since:
2007-06-12

> yeah.. they should have waited till post windows 7... oh well ;)


it doesn't matter, it's too late for Microsoft to patch any of this. they've already labeled and sent off their build as RTM. that doesn't stop them from releasing a windows update, which i assume will be pretty fast.

Reply Score: 1

ha
by kallisti5 on Tue 8th Sep 2009 22:35 UTC
kallisti5
Member since:
2009-09-08

I saw this exploit and went "LOLWUT?"

I tried it on the Group Policy "Windows" guy's lab systems who work next to me and watched 5 VMs BSOD.. I ROFL'ED... R . O . F . L 'ed sir.

Way to go Microsoft... I wonder if Windows 2008 suffers from this also.

I have a sudden urge to go into #microsoft in IRC and start blasting that python script at people ;)

Reply Score: 3

RE: ha
by n4cer on Wed 9th Sep 2009 00:39 UTC in reply to "ha"
n4cer Member since:
2005-07-06

> I saw this exploit and went "LOLWUT?" I tried it on the Group Policy "Windows" guy's lab systems who work next to me and watched 5 VMs BSOD.. I ROFL'ED... R . O . F . L 'ed sir. Way to go Microsoft... I wonder if Windows 2008 suffers from this also. I have a sudden urge to go into #microsoft in IRC and start blasting that python script at people ;)


That would likely be ineffective since neither Vista nor 7 allow SMB traffic from public networks by default. This attack would likely be limited to LANs or misconfigured systems.

As a followup, this flaw could provide incentive to avoid (or double-check) leaked/torrented builds as it's pretty easy to create a modified image that allowed SMB through the firewall by default. A naive user may think their downloaded build has the same security as the official distribution.

Edited 2009-09-09 00:51 UTC

Reply Score: 6
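
n4cer's point about firewall defaults can be checked on a given install. The following is an added example, not part of the original thread: a Python parser for saved output of `netsh advfirewall firewall show rule name=all` that lists enabled inbound rules allowing SMB (TCP 139/445) on the Public profile. The sample output and the second rule's name are constructed, and the field layout is assumed to match English-language netsh output.

```python
import re
SMB_PORTS = {139, 445}

# Constructed sample of `netsh advfirewall firewall show rule name=all` output;
# the second rule mimics a modified image that lets SMB through on Public.
SAMPLE = """\
Rule Name:                            File and Printer Sharing (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
Protocol:                             TCP
LocalPort:                            445
Action:                               Allow

Rule Name:                            Shared Files (constructed)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Protocol:                             TCP
LocalPort:                            139,445
Action:                               Allow
"""

def parse_rules(text):
    """Split netsh output into one {field: value} dict per rule."""
    rules = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if "Rule Name" in fields:
            rules.append(fields)
    return rules

def covers_smb(local_port):
    """True if a LocalPort value ('445', '137-139,445', 'Any') includes 139 or 445."""
    for part in local_port.split(","):
        lo, _, hi = part.strip().partition("-")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and any(int(lo) <= p <= int(hi) for p in SMB_PORTS):
            return True
    return local_port.strip().lower() == "any"

def smb_open_on_public(text):
    """Names of enabled inbound TCP allow rules exposing SMB on the Public profile."""
    hits = []
    for r in parse_rules(text):
        profiles = {p.strip().lower() for p in r.get("Profiles", "").split(",")}
        if (r.get("Enabled") == "Yes" and r.get("Direction") == "In"
                and r.get("Action") == "Allow" and r.get("Protocol") == "TCP"
                and "public" in profiles and covers_smb(r.get("LocalPort", ""))):
            hits.append(r["Rule Name"])
    return hits
```

An empty result from `smb_open_on_public` on a machine's saved rule listing matches the default n4cer describes; any rule name returned is worth comparing against a known-good install.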

RE: ha
by Bending Unit on Wed 9th Sep 2009 14:52 UTC in reply to "ha"
Bending Unit Member since:
2005-07-06

I'm sure this is a great opportunity for people who find happiness in others' misfortune. Let's teach those windows users eh?

Reply Score: 4

Windows 7 RTM not affected?
by Flemingo on Wed 9th Sep 2009 00:59 UTC
Flemingo
Member since:
2009-09-09

Although both Vista and Windows 7 may share the same SMB, according to Microsoft Security Response Center:

"Our investigation has shown that Windows Vista, Windows Server 2008 and Windows 7 RC are affected by this vulnerability. Windows 7 RTM, Windows Server 2008 R2, Windows XP and Windows 2000 are not affected by this vulnerability."

Source:
http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security...

---

And did OSnews check if it's working on all versions of Windows 7, as you say, RTM or not? Since even heise security, a security research firm, says it had no apparent effect on Windows 7:

http://www.h-online.com/security/Hole-in-Windows-Vista-and-7-allows...

Please check.

Reply Score: 3

And now it is patched
by modmans2ndcoming on Wed 9th Sep 2009 01:09 UTC
modmans2ndcoming
Member since:
2005-11-09

So there.

Reply Score: 2

Not important
by 3rdalbum on Wed 9th Sep 2009 03:41 UTC
3rdalbum
Member since:
2008-05-26

This flaw doesn't really matter. It's not a schoolboy programming error. It's not a ridiculously bad architectural design. The timing is somewhat awkward, but the patch will come through in the first Windows 7 updates, and most businesses won't switch to Win 7 until Service Pack 1 (or they will stick with XP until kingdom come).

Reply Score: 2

Comment by gbil
by gbil on Wed 9th Sep 2009 05:14 UTC
gbil
Member since:
2008-01-05

I'm trying this on the test pcs we have at work with win7 RTM and nothing happens. We'll do some more tests but I guess all these reactions are exaggerated.

Reply Score: 2

RE: Comment by gbil
by gbil on Wed 9th Sep 2009 05:57 UTC in reply to "Comment by gbil"
gbil Member since:
2008-01-05

An update, I haven't been able to crash windows 7 machines but I easily crash windows vista with all updates!

That's a very big problem and I'm happy my org hasn't fully endorsed windows vista.

Reply Score: 1

Any editing?
by Flemingo on Wed 9th Sep 2009 08:07 UTC
Flemingo
Member since:
2009-09-09

Is the article going to be edited? Only Windows 7 RC is affected, not RTM.

Reply Score: 1

RE: Any editing?
by Thom_Holwerda on Wed 9th Sep 2009 08:27 UTC in reply to "Any editing?"
Thom_Holwerda Member since:
2005-06-29

It has been edited two hours ago...

Reply Score: 1

Well
by liamdawe on Wed 9th Sep 2009 08:35 UTC
liamdawe
Member since:
2006-07-04

Looks like this is basically a non-issue ;)

Reply Score: 1

Not so serious?
by steogede2 on Wed 9th Sep 2009 10:53 UTC
steogede2
Member since:
2007-08-17

>> Update: Windows 7 RTM and Windows Server 2008 R2 are not affected by the flaw. So, this is less of a problem than expected.

So it only affects recent MS desktop operating systems which are available to the general public? Thank goodness for that, you had me worried for a moment.

Reply Score: 3

Comment by daedalus8
by daedalus8 on Wed 9th Sep 2009 16:37 UTC
daedalus8
Member since:
2008-03-10

Test your code against RTM and see if it works. I haven't done so yet. But after seeing the notepad awesomeness and now SMB.. I think that Adobe/CA (Computer Associates) can rest assured that they will never have the most crappy software design.

I leave you guys with some ASM code to test out. This is not a BSOD issue, it's a Remote Exploit. A hax0r can take over your machine, so it's a bit more than just making it unavailable.. I smell botnets!!!

http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&t...

Reply Score: 1

RE: Comment by daedalus8
by PlatformAgnostic on Thu 10th Sep 2009 05:39 UTC in reply to "Comment by daedalus8"
PlatformAgnostic Member since:
2006-01-02

What's this "notepad awesomeness"?

Reply Score: 2

RE[2]: Comment by daedalus8
by Slambert666 on Thu 10th Sep 2009 12:48 UTC in reply to "RE: Comment by daedalus8"
Slambert666 Member since:
2008-10-30

> What's this "notepad awesomeness"?


On 7 Notepad does not need UAC elevation (it is elevated by default). So you can inject code into the Notepad process and have it auto elevate (if you are so inclined).

Reply Score: 1

RE[3]: Comment by daedalus8
by PlatformAgnostic on Thu 10th Sep 2009 15:25 UTC in reply to "RE[2]: Comment by daedalus8"
PlatformAgnostic Member since:
2006-01-02

Notepad is not on the auto-elevate list. I just tried opening a file in notepad that I don't have access to except with an admin token, and it failed (there was no auto-elevation). Do you happen to know what I have to do to cause Notepad to auto-elevate?

Reply Score: 2

Confirmed Win7 RTM NOT affected
by deathshadow on Thu 10th Sep 2009 09:08 UTC
deathshadow
Member since:
2005-07-12

... or at least my MSDN install appears to be immune. I just tested it locally against build 7100, and sure enough it shuts it down...

So beta bad, RTM ok... so at this point the only people at risk are vista users - big deal. ;)

Reply Score: 2