Microsoft confirms first Windows 7 zero-day bug

Urges users to block ports until a patch is ready, but workaround cripples browsers

Microsoft late on Friday confirmed that an unpatched vulnerability exists in Windows 7, but downplayed the problem, saying most users would be protected from attack by blocking two ports at the firewall.

In a security advisory , Microsoft acknowledged that a bug in SMB (Server Message Block), a Microsoft-made network file- and print-sharing protocol, could be used by attackers to cripple Windows 7 and Windows Server 2008 R2 machines.

The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday, when he revealed the bug and posted proof-of-concept attack code to the Full Disclosure security mailing list and his blog. According to Gaffie, exploiting the flaw crashes Windows 7 and Server 2008 R2 systems so thoroughly that the only recourse is to manually power off the computers.

At the time, Microsoft only said it was investigating Gaffie's reports.

Then on Friday, it took the next step and issued the advisory. "Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable," Dave Forstrom, a spokesman for Microsoft security group, said in an e-mail. "The company is not aware of attacks to exploit the reported vulnerability at this time."

Forstrom echoed Gaffie's comments earlier in the week that while an exploit could incapacitate a PC, the vulnerability could not be used by hackers to install malicious code on a Windows 7 system.

Both SMBv1 and its successor, SMBv2, contain the bug. "Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003 and Windows 2000 are not affected," assured Forstrom.

Attacks could be aimed at any browser, not just Internet Explorer (IE), Microsoft warned. After tricking users into visiting a malicious site or a previously-compromised domain, hackers could feed them specially-crafted URIs (uniform resource identifier), and then crash their PCs with malformed SMB packets.

Microsoft said it may patch the problem, but didn't spell out a timetable or commit to an out-of-cycle update before the next regularly-scheduled Patch Tuesday of Dec. 8. Instead, the company suggested users block TCP ports 139 and 445 at the firewall. Doing so, however, would disable browsers as well as a host of critical services, including network file-sharing and IT group policies.

Gaffie's vulnerability was the first zero-day reported and confirmed by Microsoft in Windows 7 since the new operating system went on sale Oct. 22.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags MicrosoftsecurityWindows 7

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?