Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

New flaw could hit Vista and Windows 7

Millions of machines could be at risk

Article comments

A researcher has identified a new vulnerability that could put all organisations using Vista and Windows 7 at great risk.

The flaw lies in a driver used for the Samba file-sharing feature in Windows, said Bojan Zdrnja, a handler for the SANS Internet Storm Center. Exploit code was released around 11.00 yesterday evening (ET), he said.

Zdrnja said he tested the exploit code and it works on fully patched Vista machines running Service Pack 1 or 2 as well as Windows 7. It may also affect Windows Server 2008. When successfully attacked, the exploit will cause the targeted machine to crash.

"You get the blue screen of death," Zdrnja said.

Researchers don't know yet if the flaw is remotely exploitable, he said. Just one malicious packet is needed to crash a machine. Most PCs on internal networks keep port 445 open, which is used for file sharing.

That's dangerous, since if a hacker already has access to a compromised computer within the network, it would be possible to crash all the other machines, Zdrnja said. Administrators should disable access to the port.

Home users usually have that port open, too, Zdrnja said. But for users who join a public Wi-Fi network, Windows will ask if it is a public network and, if it is, then block port 445.

A module for the exploit has already been created for Metasploit, a hacker toolkit used to attack PCs, Zdrnja said.

Microsoft is due to release its five patches on Tuesday, all for "critical" flaws, the company's most severe threat rating. Zdrnja said it's not known if this latest flaw will be addressed.

If it isn't patched on Tuesday, Zdrnja said the flaw is so potentially harmful that he would not be surprised if Microsoft did an off-schedule patch release.

"This is really serious," Zdrnja said. "It can potentially affect a huge number of machines."

The SANS Internet Storm Center has published a short diary entry about the flaw. Microsoft officials did not have an immediate comment but said they were investigating.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *