Microsoft Addresses Prickly Pair of Windows 7 Flaws

Microsoft has released security advisories on two exploits that affect its newest operating system, Windows 7. One flaw could let hackers execute code remotely; the other could let them send a system into a crash spiral. The exploit code has been published on the Web. No fixes contained in Microsoft’s latest Patch Tuesday package, which was issued less than a week ago, targeted Windows 7.

Windows 7, which was publicly released Oct. 22, has been hit by at least two security flaws.

One of these lets hackers execute code remotely; the other lets them trigger an infinite loop remotely, causing a kernel crash.

The Windows 7 Bugs

SMB, or Server Message Block, is a Microsoft (Nasdaq: MSFT) file-sharing protocol used in Windows. It is most often used with the NetBIOS transport protocol over TCP/IP. SMBv2 is a major revision of the SMB protocol, using different packet formats from SMBv1 and adding several enhancements.

Microsoft posted Security Advisory 977544 on Nov. 13, which stated the company is investigating reports of a possible denial of service vulnerability in the SMB protocol. The vulnerability affects Windows 7 running on 32-bit and x64-based systems, and Windows Server 2008 R2 running on x64-based and Intel (Nasdaq: INTC) Itanium-based systems. The vulnerability may be exploited through Web transactions using any browser, the security advisory stated.

However, hackers cannot use the vulnerability to take control of or install malicious software on a user’s system, the advisory noted. Microsoft is developing a security update to address this vulnerability, although it declined comment on how critical this flaw is. “We cannot comment on the severity of the issue at this time,” Dave Forstrom, group manager of public relations for Microsoft Trustworthy Computing, told TechNewsWorld.

This exploit is more of a nuisance than anything else, Wolfgang Kandek, chief technology officer at Qualys, told TechNewsWorld. It involves tricking an end user to click on a link to a server with a malicious configuration, and it only locks up one machine, he pointed out. “An attacker who goes through the trouble of tricking users to click on a link will use an exploit that allows him to control the target machine after execution,” Kandek explained.

Forstrom would not confirm that the fix was posted in response to Gaffie’s blog.

Redmond also pointed to a National Vulnerability Database listing of a bug in the kernel that lets remote SMB servers cause a denial of service in computers running Windows Server 2008 R2 and Windows 7. This attack comes through an SMBv1 or SMBv2 packet containing a NetBIOS header with an incorrect length value, the listing stated.

The kernel flaw is under review for inclusion in the Common Vulnerabilities and Exposures (CVE) section of the National Vulnerability Database.

Lists of Windows Gaffes

Gaffie discovered both flaws while working on other issues with Microsoft and other vendors, he said. He released the information “to make sure Microsoft acknowledges security issues and patch the flaws as soon as possible and with transparency,” he explained.

On Nov. 11, Gaffie published news of a denial of service flaw in Windows 7 on his blog. This triggers an infinite loop on SMBv1 or SMBv2, and it is the flaw referred to in the National Vulnerability Database listing.

This bug can be triggered from outside a user’s local area network by hackers using Internet Explorer, Gaffie wrote. “The bug is so noob, it should have been spotted two years ago by the SDL if the SDL had ever existed,” he wrote.

SDL is the Security Development Lifecycle. It is part of Microsoft’s Trustworthy Computing Initiative. “The SDL is useful, and provides more secure software to users, but in this case it failed, as Microsoft probably focused way too much on Internet Explorer and the Office suite, and critical services run with kernel privileges such as SMB are not well covered by this process,” Gaffie said.

Microsoft could have discovered this flaw easily, Gaffie said. “If they’d launched a fuzzer on SMB, they would have found the bug in two minutes,” he explained. Gaffie was referring to fuzz testing, a software testing technique that provides invalid, unexpected or random data to the inputs of a program. File formats and network protocols are the most common targets of fuzz testing.
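The two technical points above, a NetBIOS header whose length field is wrong sending a frame-processing loop into an infinite spin, and fuzz testing as the way such a bug is found quickly, can be illustrated together. The following is an added example written for this page, not Microsoft’s code and not the vulnerable Windows implementation: a constructed NetBIOS session-service framing parser (RFC 1002 header layout) that refuses to use a zero or oversized length value to advance, plus a small fuzz harness that mutates valid frames and checks the parser always returns or raises rather than hanging.

```python
import random
import struct

# Constructed example, not Microsoft's code: NetBIOS session-service framing
# (RFC 1002) with the length field validated before it drives the loop.
NB_HEADER_LEN = 4
NB_SESSION_MESSAGE = 0x00
MAX_MESSAGES = 64  # hard upper bound on frames consumed per call


class FramingError(ValueError):
    """Raised when a NetBIOS header's length field does not match the data."""


def split_frames(stream: bytes) -> list[bytes]:
    """Split a byte stream into SMB payloads using NetBIOS session headers.

    Every iteration either consumes at least NB_HEADER_LEN + 1 bytes or
    raises: a zero or oversized length field is rejected instead of being
    used to move the cursor, so the loop cannot spin forever on bad input.
    """
    frames = []
    offset = 0
    while offset < len(stream):
        if len(frames) >= MAX_MESSAGES:
            raise FramingError("too many frames in one read")
        if len(stream) - offset < NB_HEADER_LEN:
            raise FramingError("truncated NetBIOS header")
        msg_type, flags, be_len = struct.unpack_from(">BBH", stream, offset)
        if msg_type != NB_SESSION_MESSAGE:
            raise FramingError(f"unexpected message type {msg_type:#x}")
        length = ((flags & 0x01) << 16) | be_len  # 17-bit length per RFC 1002
        if length == 0:
            raise FramingError("zero-length session message")  # no progress
        if offset + NB_HEADER_LEN + length > len(stream):
            raise FramingError("length field exceeds available data")
        offset += NB_HEADER_LEN
        frames.append(stream[offset:offset + length])
        offset += length
    return frames


def fuzz_framing(iterations: int = 2000, seed: int = 1) -> int:
    """Feed mutated headers to split_frames; return how many were rejected.

    The property under test is the one the article describes: the parser
    must return or raise FramingError on every input, never hang.
    """
    rng = random.Random(seed)
    good = b"\x00\x00\x00\x04\xffSMB"  # constructed valid frame, 4-byte payload
    rejected = 0
    for _ in range(iterations):
        data = bytearray(good * rng.randint(1, 3))
        for _ in range(rng.randint(1, 4)):  # flip a few bytes, header included
            data[rng.randrange(len(data))] = rng.randrange(256)
        try:
            split_frames(bytes(data))
        except FramingError:
            rejected += 1
    return rejected
```

Dropping the `length == 0` check would let a header with a zero length leave `offset` unchanged after the header is re-read on every pass, which is exactly the non-advancing loop the article’s description of the flaw points at.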

An SMBv2 flaw that could let attackers remotely crash any machine running Windows Vista or Windows 7 with SMB enabled.

It’s All Par for the Course

Software development is a process, Microsoft’s Forstrom said. “It’s impossible to completely prevent all vulnerabilities during software development. Microsoft’s SDL process is intended to reduce the number of vulnerabilities in software as well as reduce the severity and impact of the ones that occur,” he explained.

“There will always be security problems in any operating system,” Michael Cherry, senior analyst at Directions on Microsoft, told TechNewsWorld. “There’s a real tendency with Windows 7 right now to analyze it to death. It’s been less than a month since its release. We need to let a year go by before we come to any conclusions.”

3 Responses to “Microsoft Addresses Prickly Pair of Windows 7 Flaws”
  1. techwoo says:

    Microsoft Addresses Prickly Pair of Windows 7 Flaws. Thanks for the nice post. I added it to my Twitter.

  2. Stomssocously says:

    Just want to say what a great blog you got here!
    I’ve been around for quite a lot of time, but finally decided to show my appreciation of your work!

    Thumbs up, and keep it going!
