The First Windows 7 Zero-Day Exploit

xploraiswakco writes with the first Microsoft-confirmed Windows 7 zero-day vulnerability, with a demonstration exploit publicly available. The problem is in SMBv2 and SMBv1 and affects Windows 7 and Windows Server 2008 R2, but not Vista, XP, or Windows Server 2003. A maliciously crafted URI could hard-crash affected machines beyond any remedy besides pushing the white button. "Microsoft said it may patch the problem, but didn't spell out a timetable or commit to an out-of-cycle update before the next regularly-scheduled Patch Tuesday of December 8. Instead, the company suggested users block TCP ports 139 and 445 at the firewall." Reader xploraiswakco adds, "As important as this the mentioned article is, it should also be pointed out that any IT staff worth their pay packet should already have port 139 blocked at the firewall, and probably port 445, too."

How is this zero-day?

[DNS-and-BIND]

The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday

OK the exploit is almost a week old already. How is this "zero-day"? In the immortal words of Inigo Montoya: "You keep using that word. I do not think it means what you think it means."

Re:How is this zero-day?

A zero day exploit is an exploit that exists before the developers of the application are aware of the bug/flaw being exploited. It does not seem unreasonable to keep refering to it as a zero day exploit even after the details of the bug and exploit have been published, how else would you refer to it, e.g. "the exploit formerly known as zero day";

Re:How is this zero-day?

[DMiax]

Nope! It's the number of days between the release date and today.

I find little use in a definition that depends on today's date. Especially because I can read articles from saturday and they will call it 3-day, which gives me no information.

A zero-day exploit is one that is created before a fix is available. It is more severe than others because no version of the target software is safe, even if it is constantly updated. Any security expert knows the implications of this, and how to take it into account when assessing the risks.

Ball kicking time

[Rogerborg]

Don't they do code reviews at Microsoft? Loops 101: prove that the loop terminates under all conditions, even and especially when passed garbage.

Seriously, that's the difference between a hacker and a software engineer right there. If you don't take the time to fix it early, you'll just have to fix it later.

Re:Ball kicking time

Well, the key word here is "significant proportion", which uses to mean "no application works 100% of the time". For example, when I tried ReactOS it crashed in QEMU. Not even in real hardware.

Yes, an operating system of today needs to be complicated. There are complicated standards, complicated compatibility problems, complicated hardware, complicated performance requirements... No, there's no easy way around that.

I've programmed toy operating systems. It isn't easy, and that's just the kernel. Now I have a lot of respect for kernel and system hackers.

pushing the white button?? what does that mean?

[DigitalReverend]

The summary states "A maliciously crafted URI could hard-crash affected machines beyond any remedy besides pushing the white button."

I checked all the Windows machines here. None of them have a white button on them anywhere. What does this mean? Does the poster just mean powering the machine off and then on again?

Too many times on Slashdot, when people should be informative, they obfuscate the information it in failed attempts at being clever.

Re:Are you trolling?

[MrNaz]

So you're saying that it can only be described as zero day on that day, and thereafter it cannot be called a zero day exploit, but a n-day exploit where n is the number of days since it was announced?

Sorry, but while you may be *lexically* correct, I think everyone with two brain cells that are on talking terms knows what is being referred to by a "zero day" exploit, even when referring to an exploit not released on that day.

Erm... no. Not quite.

[jimicus]

"As important as this the mentioned article is, it should also be pointed out that any IT staff worth their pay packet should already have port 139 blocked at the firewall, and probably port 445. too."

I respectfully disagree.

Any IT staff worth their pay packet should have EVERYTHING blocked at the firewall, then open holes for things that you can be certain you need. Ideally, those holes don't go direct to systems on the company LAN but instead to a DMZ.

IT staff?

[Shotgun]

Reader xploraiswakco adds, "As important as this the mentioned article is, it should also be pointed out that any IT staff worth their pay packet should already have port 139 blocked at the firewall, and probably port 445. too."

The reader xploraiswakco needs to pull his head out of that dark place and realize that my wife doesn't have an IT staff (I refuse to do Windows). I would even dare to say that most people don't have an IT staff at home. It's a stretch, I know, But I'm the kind of guy that takes chances like that.

Does reader xploraiswakco carry an IT staff with him in case he needs to use a wifi hotspot some place?

Re:IT staff?

[Shotgun]

Ok, pisshead .

Windows 7 is firewalled...out of the box even. Unless of course, she wants to USE the functionality that was advertised.

Now, explain to us why me not taking the time to learn an operating system that wasn't fit for the trash bin 10 years ago makes me an "inconsiderate dick"? Why should I spend one more minute on the products of a company that has done nothing but hold back the advancement of personal computing when I have a perfectly good product that cost me nothing and gives me the power to use MY computer the way I want to use MY computer? Why does recommending that she use something that I can support make me a "worthless jackass"? Why would my worth as a husband hinge solely on my willingness to follow the likes of you into being a Microsoft shill?

She bought a Mercedes. I advised against it, because I can't work on it. Mercedes requires a lot of special tools. I bought an Atlas lathe and which she advised against, and she won't work on it with me. She doesn't like to do things mechanical. Am I to assume you'd thing that makes her a worthless asshole? You see, dickwad, out here in the real world, we call that "communication".

Your attitude and familiarity with something called "Realdoll" leads me to believe that you are a smelly, middle-aged loser without a clue how to live in harmony with another person.

Now that we have the ridiculous personal attacks out of the way, let's fall back to discussing the original post that I responded to.

any IT staff worth their pay packet should already have port 139 blocked at the firewall

It would be a valid consideration, except that Windows 7 is foisted on the public through retail channels for a ridiculously high sum of money with no mention that a professional staff is required to use it properly. Luckily, you've let us all know that parts of the system being sold are automatically blocked. In any other industry that is called "not being fit for the use for which it was sold." A less flattering description is false advertisement.

Now you can go back to playing with your Realdoll.