Print 32 comment(s) - last by BruceLeet.. on Nov 15 at 5:15 PM

Problems with SMB have persisted since Windows 7's RC phase

Windows 7 is arguably much more secure than its predecessor, Windows Vista, with more robust memory protections against attacks and with the wide availability of Microsoft's free antivirus suite, Microsoft Security Essentials.  Many possibly exploitable vulnerabilities were found and removed during the unprecedented public testing phase as well.

However, challenges remain for Windows 7.  A recent report found that the OS's UAC was less robust than Vista's and allowed 7 of 10 pieces of malware to be freely installed.  Now, following Microsoft's monthly Patch Tuesday a familiar problem has returned.

The Windows SMB (Server Message Block) protocol has had problems ever since the discovery during the OS's public testing phase of a supposedly show-stopping bug that could, according to some sources, cause Windows 7 to blue screen.  Now another SMB bug, which throws Windows 7 into an infinite loop forcing a reset, has reared its ugly head.

The bug was publicized by researcher Laurent Gaffie on the Full Disclosure mailing listAccording to Tyler Reguly, Lead Security Research Engineer of security firm nCircle, the vast majority of home users are unlikely to be threatened by the bug.  The bug's main route of attack occurs when you type in the IP of a server in the search box and accidentally navigate to a Windows Share on a malicious server.  As most casual users are unlikely to have a clue how to navigate to server shares or even know what server shares are, chances are they won't be affected.

The vulnerability applies to both Windows 7 and Windows Server 2008 R2.  Currently there are no reports of attacks in the wild, but proof-of-concept attacks have been aired.  One key thing that makes this bug unlikely to be largely used by hackers is that it is unable to grant any sort of system access and can, in essence, only be used to create annoyance -- forcing the user to reset their machine.

It is also extremely easy to block external SMB traffic to rule out the chance of it swamping your machine.  Simply block ports 135 to 139 and 445 on your router or firewall and you'll prevent external SMB traffic from entering your system and potentially causing harm.  While this bug seems relatively harmless, given the history of problems with the SMB since the test candidate phase, it seems a good idea to put these blocks in place if you don't need to use SMB traffic to external sources.

Even if you block the ports, there is still a remote chance that you could be affected, via viewing a webpage in Internet Explorer.  States Mr. Gaffie, "There is an Internet Explorer-based attack vector. By including a file stored on a share in the HTML of the web page the flaw can be triggered. But, once again the result is a denial of service."

Using Firefox, Chrome, Opera, or other third-party browser may help negate this route of attack.

Microsoft is currently investigating the bug.  It bills Windows 7 as its most secure operating system to date and has committed itself to fight tough in the war against malicious users.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Who Cares?
By Ristogod on 11/13/2009 9:32:05 AM , Rating: 5
How is "Found New Exploit In Windows" news anymore? This has been reoccurring for 10+ years or more.

Tomorrows topic, "Sun Rises Yet again!"

RE: Who Cares?
By weskurtz0081 on 11/13/2009 9:35:59 AM , Rating: 5
Yeah, no kidding. As long as you have market share, and someone interested in exploiting it, it doesn't matter what brand name is on the box, exploits will be discovered.

RE: Who Cares?
By chick0n on 11/13/2009 9:38:04 AM , Rating: 5
Just like a Mac. nothing new

IT JUST WORKS ! Oh wait, Bug? no way, Thats the way it is and good luck getting a patch from Apple !

RE: Who Cares?
By harmaton on 11/13/09, Rating: -1
RE: Who Cares?
By weskurtz0081 on 11/13/2009 10:22:57 AM , Rating: 5
Damn, hit a nerve?

RE: Who Cares?
By kamel5547 on 11/13/2009 10:50:08 AM , Rating: 5
His point was valid. He didn't have to use Apple as the example, virtually every piece of software out there is poorly coded, mostly because no one wants to scrap all their code and build a secure design from the ground up. If DailyTech reported every new flaw found in pieces of software you'd have a very hard time finding an actual news story.

You on the other hand are way out of line (IMO), ending your comment where the comma was would have served you well.

RE: Who Cares?
By Murloc on 11/13/2009 12:16:57 PM , Rating: 5
the discussion had to move to macs, otherwise flames would not be hot enough.

RE: Who Cares?
By KCjoker on 11/13/2009 7:33:52 PM , Rating: 2
Yea nobody ever brings up MS in articles about Apple.


RE: Who Cares?
By barjebus on 11/13/2009 10:47:08 AM , Rating: 3
I don't think the fact that X piece of software has new vulnerability Y is news. Its software...I'd go so far as to suggest its inevitable that bugs will be found.

What matters is the severity and the exploit itself. Finding a zero day exploit in Windows isn't news, it was inevitable. The details of the exploit though most definitely is news (I'm happier knowing that this exists rather than remaining ignorant).

Unless you prefer blissful ignorance, I like these news stories.

RE: Who Cares?
By William Gaatjes on 11/15/2009 4:40:15 AM , Rating: 2
I'd go so far as to suggest its inevitable that bugs will be found.

I am happy not everybody thinks like that. Or humanity will fail. For "look at me " items that have to be manufactured as cheap as possible it is inevitable that software flaws arise. Cost cutting decisions to create profit have that effect. However, when it needs to work, it will just work. Proper coding delivers proper material. And the first thing new programmers should learn is that when there is communication, there is a parser checking the format of the used communication protocol. Making sure there are boundaries that cannot be crossed.

RE: Who Cares?
By segerstein on 11/13/2009 1:31:02 PM , Rating: 2
Tomorrows topic, "Sun Rises Yet again!"

You mean Sun Micro?

RE: Who Cares?
By Reclaimer77 on 11/13/2009 3:00:41 PM , Rating: 2
A recent report found that the OS's UAC was less robust than Vista's and allowed 7 of 10 pieces of malware to be freely installed.

What is Micks problem with Windows 7 ?? Every day is an article trying to slam the OS with false information and shoddy testing.

First off, please tell me how 7's UAC is "less robust" then Vistas ?? The only, and I mean ONLY, difference in 7's UAC is that by default it's set one notch lower because of customer complaints. This can easily be changed.

Secondly, the entire premise of the above quote is flawed. Because in the test they KNOWINGLY opened malware. The UAC cannot, and is not meant to, prevent you from knowingly open viruses.

Mick goddamnit, will you please stop with this bullcrap ? Not only is it not accurate, but it's not even NEWS. How can you sleep at night writing this bullshit ?

RE: Who Cares?
By xaders on 11/13/2009 6:28:47 PM , Rating: 1
well, just have something of security software on with windows 7. ill buy windows 7 on all my PC in my household which are all running windows XP now. ill prefer windows 7 pro then home premium one.

now, only have one laptop with windows 7 RC on it. also brought windows 7 student version. it sucks because the direct download doesnt allow create a separate disc. have to pay for it. it is an upgrade. the upgrade terms sucks. microsoft need another way to upgrade. vista was like ME was and windows 7 is what vista is suppose to be or some people called it vista sp3.

RE: Who Cares?
By Reclaimer77 on 11/13/2009 7:43:24 PM , Rating: 2
Actually you can create an ISO from the student download. I did.

Jason Mick
By aebiv on 11/13/2009 9:41:38 AM , Rating: 4
Should really stop posting artcles that contain misleading, and poorly done reports.

The 7 outta 10 "study" was already poked so full of holes it's not even worth mentioning now.

RE: Jason Mick
By ksherman on 11/13/2009 10:25:45 AM , Rating: 1
Swiss cheese has holes and we still use it on our sandwiches ;-)

Its just internet-based sensationalism. And in an article, everyone wants to be able to reference some statistic, makes you sound more believable.

RE: Jason Mick
By icanhascpu on 11/13/2009 10:34:22 AM , Rating: 5
My girlfriend has an open port i regularly exploit.

We dont complain.

RE: Jason Mick
By Donovan on 11/13/2009 11:34:20 AM , Rating: 5
Just watch out for viruses.

RE: Jason Mick
By Alarchy on 11/13/2009 1:23:20 PM , Rating: 2
Or worms.

RE: Jason Mick
By Spuke on 11/13/2009 2:31:58 PM , Rating: 3
We dont complain.
No we don't. :p

RE: Jason Mick
By BruceLeet on 11/15/2009 5:15:25 PM , Rating: 2
I just discovered that when people convert certain objects to sex talk on a tech website its acceptable, try doing this at the bar I frequent.

RE: Jason Mick
By Alarchy on 11/13/2009 10:32:58 AM , Rating: 3
Especially since "A recent report found that the OS's UAC was less robust than Vista's" is completely false (not even IN the article!)

The original article reporting from Sophos made no mention of how the two versions of UAC compared, and even indicated that "Windows 7 retains all of the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released."

Come on.

RE: Jason Mick
By stubeck on 11/13/2009 10:58:57 AM , Rating: 1
Well, at least its slightly more accurate than his recanted article about the unbanning of Xbox 360s he just posted!

RE: Jason Mick
By nafhan on 11/13/2009 11:42:44 AM , Rating: 1
The article is gone so it doesn't count, right? :)

Measure twice, cut once!

"zero day?"
By tastyratz on 11/13/2009 11:10:10 AM , Rating: 1
so was this bug zero day as in a problem that was announced at launch and Jason Mick is just nearly a month late with this weak reach for content article? Or did the term zero day all of a sudden extend to zero month?

zero day means... zero days. Since its not launch day, this is NOT zero day news...

RE: "zero day?"
By MamiyaOtaru on 11/13/2009 11:37:45 AM , Rating: 2
Don't blame Jason for you not knowing what "zero day" means. It doesn't refer to the age of the software being compromised, it refers to how many days the vendor has been aware of the problem.

IE: a vulnerability that gets released into the wild before Microsoft knows about it is a zero day exploit. They've had 0 days to prepare a fix.

RE: "zero day?"
By Donovan on 11/13/2009 11:44:17 AM , Rating: 2
Actually "zero day" means the bug was discovered because malware was already using it, as opposed to cases where the bug is discovered and a race occurs to see if it can be patched before it is exploited. The attack occured on day zero of vendor awareness.

This will always happen..
By StraightCashHomey on 11/13/2009 10:37:10 AM , Rating: 2
Everyone OS that has ever been released and ever will be released is subject to exploits. Unless Microsoft or Apple or whoever it may be decides to hire every person in the WORLD that knows anything about computers, then these exploits will continue to be found.

The most important issue here is that the exploits are getting patched as soon as possible. The second most important issue is that these exploits are discovered infrequently relative to the amount of functionality and coding an operating system has. The more functionality an operating system has, obviously the amount of exploits possible will increase.

I don't think Microsoft or Apple is doing a bad job at fixing their mistakes, though... and compared to what these latest and greatest operating systems can do, I'd say they're both covering their bases quite well.

By StraightCashHomey on 11/13/2009 10:37:47 AM , Rating: 2

By sapiens74 on 11/13/2009 11:34:18 AM , Rating: 3
This is just lies from Job's minions to tarnish the name of the GREATEST OS EVAR!!!!

Or it the lies of the AV companies to get you to buy their overpriced products!!!

Did I mention MACs suck?

How clueless
By Griswold on 11/13/2009 12:25:22 PM , Rating: 2
"Windows 7 is arguably much more secure than its predecessor, Windows Vista..."

Damn it Mick, you're quite clueless on that matter. By default, 7 is much less secure than vista. You can consider it your homework to find out why that is. Hint: its related to UAC.

By amandahugnkiss on 11/13/2009 1:32:17 PM , Rating: 2
"The bug's main route of attack occurs when you type in the IP of a server in the search box and accidentally navigate to a Windows Share on a malicious server." - This seems like a near impossible occurance. How the hell is one supppossed to just 'know' the IP of a malicious server and accidentally attempt to connect after using it as a search term, or accidentally type in the wrong IP address and it be a malicious one. Seems like you would need to start at one end of the pool and work your way through intentionally looking for an unprotected SMB share with bad intentions.

"allowed 7 of 10 pieces of malware to be freely installed" - is a quote from a joke of an article, it is embarrassing that you would reference it as clout for another article, it actually detracts from any other article's credibility.

"People Don't Respect Confidentiality in This Industry" -- Sony Computer Entertainment of America President and CEO Jack Tretton

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki