Windows 7 will be available to the public in October. It’s chocked full of new features and sports a modern look and feel, but beta tester Laurent Gaffie has identified a serious vulnerability lurking in the colorful background.
This particular vulnerability, SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D., is considered Medium to High severity. It’s triggered when “SRV2.SYS fails to handle malformed SMB headers for theĀ functionality,” says Gaffie.
The flaw lies in a Server Message Block 2 (SMB2) driver and allows hackers to deploy a remote attack that could cause the infamous “blue screen of death” critical system error on both the 32-bit and 64-bit versions of Windows 7 OS. Other comments on Gaffie’s blog indicate that the flaw puts your computer at risk of a Dos attack and could lead to remote code execution.
Gaffie contacted Microsoft; they are investigating the report, but have no ETA on a patch. In the meantime, users can switch off the Server Message Block (SMB) feature or block TCP ports 139 and 445 at the firewall for protection.
This entry was posted on Friday, September 11th, 2009 at 9:00 am and is filed under Cloud Hosting. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
