Slashdot Mirror


The First Windows 7 Zero-Day Exploit

xploraiswakco writes with the first Microsoft-confirmed Windows 7 zero-day vulnerability, with a demonstration exploit publicly available. The problem is in SMBv2 and SMBv1 and affects Windows 7 and Windows Server 2008 R2, but not Vista, XP, or Windows Server 2003. A maliciously crafted URI could hard-crash affected machines beyond any remedy besides pushing the white button. "Microsoft said it may patch the problem, but didn't spell out a timetable or commit to an out-of-cycle update before the next regularly-scheduled Patch Tuesday of December 8. Instead, the company suggested users block TCP ports 139 and 445 at the firewall." Reader xploraiswakco adds, "As important as this the mentioned article is, it should also be pointed out that any IT staff worth their pay packet should already have port 139 blocked at the firewall, and probably port 445, too."

9 of 289 comments (clear)

  1. Re:I have to ask by Anonymous Coward · · Score: -1, Troll

    you just copy comments you fucking troll

  2. Re:Are you trolling? by webmistressrachel · · Score: -1, Troll
    You obviously have some stake in implying that 0day is still 0day several days later, even though it really is ONLY EVER 0day on that day! On following days, it was a 0day but by that definition all exploits will always be 0day and the term loses it's meaning.

    You are re-writing our language. In a years' time, will you say the same weaselly thing about our brain cells to people who simply correct (i.e. read "help") you? And it's not one comment, is the GGP as well. Yeah, I've been defensive here on /. before, but that comment is worse than my normal paranoia - your plain wrong and here I am putting it right for you. Space below is for your reply, perhaps it'll be "thanks". Rachel xx

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  3. Re:How is this zero-day? by DNS-and-BIND · · Score: -1, Troll
    Aaahh...you're a security "expert". Perhaps you can explain how a fix is created before the exploit is released? I've forgotten just how easy this is.

    Refer to Inigo Montoya above as needed. Apply to forehead if necessary.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  4. Re:How is this zero-day? by DNS-and-BIND · · Score: -1, Troll
    I bow you you sir, I have decisively lost this argument. I promise to be more trusting of security professionals in the future. I will assume that they know what they're talking about and will refrain from questioning them. Words mean what they want them to mean and not what the rest of the world thinks that they mean. Particularly, I will not be a sarcastic douchebag as security professionals never take that role, especially when posting anonymously on Slashdot.

    PS how, exactly, would a malicious third party patch a bug? If you can't tell me for security reasons it's OK, I trust you. You're a security professional!

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  5. Re:on or before the vendor knows about it by DNS-and-BIND · · Score: 0, Troll

    Uh, dude? Infallible Wikipedia? Surely you can't be serious.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  6. Re:Are you trolling? by webmistressrachel · · Score: -1, Troll

    Troll?? Troll??!! Do the mods actually ever look at the context here on /.? I'm biting the troll you idiot, there's a serious point in there and HE was the one who insulted the intelligence of somebody who corrected him, correctly (that doesn't look right... but it says what I mean!) with the "two brain cells" thing and I stuck up for the poor biter by, er, biting! Come on mods, look at my posting history, I'm a biter and a ranter, not a troll, yet you'd think I was the creator of goatse the way I get modded down for insightful, often factual (but admittedly sometimes offtopic) posts. I can think of two deliberate trolls I perpetrated here, and they were modded up!!

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  7. Re:OMG what if my computer doesnt have a white but by Mr_Miagi · · Score: 0, Troll

    Buy an Apple... Sort of solves two problems, doesn't it?

  8. Windows only for corporations, not users by SuperKendall · · Score: 0, Troll

    ...but what about home users?

    It's an admission that home users should not be running WIndows. You'd think a few decades would have been enough to figure that out...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  9. Re:IT staff? by BitZtream · · Score: 0, Troll

    Unfortunately, your wife married an ignorant asshole.

    Since Windows 7 has this firewalled safely out of the box for public networks your wife is fortunate.

    Of course if you weren't so busy telling every how you're so good at being an unhelpful, inconsiderate dick you'd have spent 3 minutes to do some investigation to know that rather than leaving her to wonder.

    Your attitude and low slashdot id leads me to believe that by 'wife' you mean Realdoll since I find it unlikely anyone would stay married to such a worthless jackass.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager