Microsoft Confirms First Windows 7 0-Day Vulnerability


So a pretty serious remote vulnerability has been discovered in Windows 7, as usual Microsoft is downplaying the problem asking you to block the ports on your firewall rather than fixing the issue.

I’d imagine the problem would only really be a big issue inside networks as who exposes SMB ports to the outside world anyway (TCP ports 139 and 445).

But as we all know, the biggest threat to corporate network security ALWAYS comes from the inside.

Microsoft late on Friday confirmed that an unpatched vulnerability exists in Windows 7, but downplayed the problem, saying most users would be protected from attack by blocking two ports at the firewall.

In a security advisory , Microsoft acknowledged that a bug in SMB (Server Message Block), a Microsoft-made network file- and print-sharing protocol, could be used by attackers to cripple Windows 7 and Windows

The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday, when he revealed the bug and posted proof-of-concept attack code to the Full Disclosure security mailing list and his blog. According to Gaffie, exploiting the flaw crashes Windows 7 and Server 2008 R2 systems so thoroughly that the only recourse is to manually power off the computers.

At the time, Microsoft only said it was investigating Gaffie’s reports.

And well let’s face is, this is not the first time that a serious flaw that can be remotely exploited has been discovered in SMB.

It doesn’t seem like the most secure of protocols, I really doubt Microsoft developed it using SDL (Security Development Lifecycle).

It seems in this case though it’s limited to a DoS attack, perhaps due to all the fancy security controls Microsoft has implemented in the Windows 7 kernel.

Then on Friday, it took the next step and issued the advisory. “Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable,” Dave Forstrom, a spokesman for Microsoft security group, said in an e-mail. “The company is not aware of attacks to exploit the reported vulnerability at this time.”

Forstrom echoed Gaffie’s comments earlier in the week that while an exploit could incapacitate a PC, the vulnerability could not be used by hackers to install malicious code on a Windows 7 system.

Both SMBv1 and its successor, SMBv2, contain the bug. “Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003 and Windows 2000 are not affected,” assured Forstrom.

Attacks could be aimed at any browser, not just Internet Explorer (IE), Microsoft warned. After tricking users into visiting a malicious site or a previously-compromised domain, hackers could feed them specially-crafted URIs (uniform resource identifier), and then crash their PCs with malformed SMB packets.

Even so, I’m sure a skilled attacker could probably work out a way to drop some malicious code into the OS using this PoC and well if I know the underground they probably already are.

This vulnerability is the first official zero-day reported and confirmed by Microsoft in Windows 7 since the new operating system went on sale October 22nd.

I’m sure there will be many more.

Source: Network World

Posted in: Exploits/Vulnerabilities, Windows Hacking

, , , , , , , , ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


3 Responses to Microsoft Confirms First Windows 7 0-Day Vulnerability

  1. dfsfd December 12, 2009 at 10:56 am #

    No vulnerability on Seven, it’s fake.

  2. Rafal December 18, 2009 at 11:37 pm #

    I just have to ask … who in the world still opens SMB to the outside Internet?!

  3. bob January 13, 2010 at 8:29 am #

    rafal

    read this bit again

    But as we all know, the biggest threat to corporate network security ALWAYS comes from the inside.