Protect your PCs from Windows 7's zero-day exploit

A new zero-day bug has hit Windows 7. Here's how to keep it from harming your PCs.

It was a notable accomplishment when Windows 7 was not impacted in any way by the vulnerabilities addressed in the six Security Bulletins released by Microsoft for the November Patch Tuesday. It would be even more impressive if Windows 7 proved invulnerable to the zero-day exploit that hit the next day.

This newly found bug was discovered by Laurent Gaffie, and details were posted on the Full Disclosure mailing list. Microsoft is investigating the reported flaw, which crashes a Windows 7 system when exploited. The issue is in the SMB (Server Message Block) protocol that forms the backbone of Windows file sharing. When triggered, the flaw results in an infinite loop that renders the computer useless.

Tyler Reguly, Lead Security Research Engineer with nCircle, explains, "Exploitation of this vulnerability occurs when a user attempts to browse to Windows Share hosted on the malicious server. On Windows 7, the DoS (denial of service) will occur as soon as you type '\\<ip>\' in the search box."

The vulnerability impacts both Windows 7 and Windows Server 2008 R2. There are currently a couple of different proof-of-concept exploits circulating, but there are no reported attacks in the wild at this point. Because the flaw only enables an attacker to crash the system, and doesn't provide any unauthorized remote access that could lead to compromising information or performing other malicious activities, the odds of the exploit being actively used by attackers are fairly slim.

With some SMB-based bugs, you can minimize the risk of exposure by blocking SMB traffic at the router or firewall--essentially making sure that no outside source would be able to attack systems on your network. Blocking TCP ports 135 through 139 and port 445 will prevent outside SMB traffic from entering the network.

With those ports blocked at the firewall, the threat still exists internally, but ostensibly the systems on the internal network should be more trusted than those on the Internet, and hopefully nobody on the internal network would intentionally launch such an attack. You could block those ports on the internal network as well, but then systems would be unable to access file and folder shares on the network.
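One way to verify the perimeter block described above, as an added example that is not part of the original article: run from a machine inside the network, it attempts outbound TCP connections on the listed ports, the direction a client takes when it browses to a share on an outside server. The test host (a machine you control outside the firewall, listening on those ports) and all function names are assumptions.

```python
import argparse
import socket
import sys

# TCP ports the article says to block at the perimeter: 135 through 139, and 445.
SMB_PORTS = list(range(135, 140)) + [445]


def check_port(host, port, timeout=2.0):
    """Attempt one TCP connection and classify the outcome.

    reachable: the handshake completed, so nothing blocked the traffic.
    refused:   a reset came back, either from the host (no listener) or
               from a firewall that rejects instead of dropping.
    filtered:  no answer or an unreachable error, typical of a drop rule.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "reachable"
    except socket.gaierror:
        raise  # a name-resolution failure says nothing about the firewall
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and host/network unreachable
        return "filtered"


def audit_egress(host, ports=SMB_PORTS, timeout=2.0):
    """Return (per-port results, list of ports that got through)."""
    results = {port: check_port(host, port, timeout) for port in ports}
    leaking = [port for port, state in results.items() if state == "reachable"]
    return results, leaking


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Check the SMB perimeter block")
    parser.add_argument("host", help="test host you control, outside the firewall")
    args = parser.parse_args()
    results, leaking = audit_egress(args.host)
    for port, state in sorted(results.items()):
        print(f"tcp/{port}: {state}")
    # Non-zero exit when any port completed a handshake through the perimeter.
    sys.exit(1 if leaking else 0)
```

A "refused" result is only meaningful when the test host is known to be listening on that port; otherwise it cannot be told apart from an unblocked path to a closed port.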

With this particular bug, though, the firewall will not protect you completely from outside attacks. Reguly says, "There is an Internet Explorer-based attack vector. By including a file stored on a share in the HTML of the web page the flaw can be triggered. But, once again the result is a denial of service."

Until Microsoft completes its investigation of the issue and releases a patch, you will just have to be vigilant about avoiding suspicious or malicious links on web pages. Because of the limited value of a DoS for the attackers, odds are good you won't see any attacks from this.

Microsoft has described Windows 7 as the most secure operating system it has yet developed, but 'most secure' doesn't mean impervious. Windows 7 is still significantly more secure than Windows XP, but news of the Windows 7 vulnerability certainly overshadows the fact that Windows 7 wasn't impacted on Patch Tuesday.


Tony Bradley tweets as @PCSecurityNews, and can be contacted at his Facebook page.


Tony Bradley

PC World (US online)