Star Windows 7, Vista Suffer from Critical SMB 2.0 Flaw
Linked by Thom Holwerda on Tue 8th Sep 2009 21:58 UTC
Windows We usually don't report on security flaws, unless they're on platforms that usually don't see such flaws, or when the flaw in question is pretty serious. Well, a new zero-day flaw has been discovered in Windows Vista and Windows 7 which will trigger a blue screen of death using the new SMB 2.0 protocol. Update: Windows 7 RTM and Windows Server 2008 R2 are not affected by the flaw. So, this is less of a problem than expected.
E-mail Print r 0   · Read More · 23 Comment(s) http://osne.ws/h2s
Permalink for comment 382944
To read all comments associated with this story, please click here.
RE: ha
by n4cer on Wed 9th Sep 2009 00:39 UTC in reply to "ha"
n4cer
Member since:
2005-07-06

I saw this exploit and went "LOLWUT?" I tried it on the Group Policy "Windows" guy's lab systems who work next to me and watched 5 VM's BSOD.. I ROFL'ED... R . O . F . L 'ed sir. Way to go Microsoft... I wonder if Windows 2008 suffers from this also. I have a sudden urge to go into #microsoft in IRC and start blasting that python script at people ;)


That would likely be ineffective since neither Vista nor 7 allow SMB traffic from public networks by default. This attack would likely be limited to LANs or misconfigured systems.

As a followup, this flaw could provide incentive to avoid (or double-check) leaked/torrented builds as it's pretty easy to create a modified image that allowed SMB through the firewall by default. A naive user may think their downloaded build has the same security as the official distribution.

Edited 2009-09-09 00:51 UTC

Reply Parent Bookmark Score: 6