Microsoft admits Windows 7 security bugs



Microsoft has promised to patch a flaw in Windows Vista and 7 that could allow hackers to take complete control of the machine.

The company was alerted to the flaw after security researcher Laurent Gaffie produced exploit code which showed how Microsoft's SMB2 network file and print-sharing protocol could be hacked to allow attackers to hijack the machine.

The exploit was initially used to bring on the dreaded blue screen of death, however Microsoft later admitted that it could also be used to remotely execute malicious code on vulnerable machines.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system," says Microsoft's advisory. "Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart."

Versions of Windows older than Vista do not use SMB2 and remain unaffected by the threat. Microsoft also claims that while the release candidates of Windows 7 and Windows Server 2008 R2 are vulnerable, RTM editions are not.

Microsoft claims it is working on a patch, but has not confirmed when it will be made available. Until then, the company is recommending that users disable SMB2 by editing the Windows Registry. If that's beyond you, it also suggests blocking TCP ports 139 and 445 at the firewall.

This latter method will also bring several important services and applications, including the browser, screeching to a halt, Microsoft admits.

The flaw is the second embarrassing vulnerability the company is being forced to deal with. Earlier in the month, Microsoft admitted it was investigating a critical vulnerability in Internet Information Services (IIS) server, after a hacker posted exploit code to the milw0rm.com site.

Bookmark and Share

Comments :

0 comments to “Microsoft admits Windows 7 security bugs”
 

Privacy Policy

Privacy Policy by hbailla Privacy Policy for My Blog. The privacy of our visitors to my blog is important to us. At my blog, we recognize that privacy of your personal information is important. Here is information on what types of personal information we receive and collect when you use and visit my blog, and how we safeguard your information. We never sell your personal information to third parties. We use third party advertisements on my blog to support our site. Some of these advertisers may use technology such as cookies and web beacons when they advertise on our site, which will also send these advertisers (such as Google through the Google AdSense program) information including your IP address, your ISP , the browser you used to visit our site, and in some cases, whether you have Flash installed. This is generally used for geotargeting purposes (showing New York real estate ads to someone in New York, for example) or showing certain ads based on specific sites visited (such as showing cooking ads to someone who frequents cooking sites).
scout national du maroc