Windows 7 Security Flaw Could Disable Computer

View previous topic View next topic Go down

Windows 7 Security Flaw Could Disable Computer

Post by Larry on November 12th 2009, 11:28 am

http://www.infopackets.com/news/business/microsoft/2009/20091112_windows_7_security_flaw_could_disable_computer.htm



Microsoft is examining claims that a bug in Windows 7 could allow a hacker to remotely disable a computer. The news comes just as the firm urges users of previous editions of Windows to give priority to one particular patch in this month's security update.

The Windows 7 bug, reported by a security researcher who's posted what he claims to be code for exploiting the bug, involves the Server Message Block. That's a section of Windows used in networks for features such as file and printer sharing.
Bug Allows "Infinite Loop" Attack

Laurent Gaffie says that the bug could make it possible for a hacker to force the Windows 7 kernel into an infinite loop. (The kernel is effectively the controller of Windows and determines exactly what a computer can do at any time.) That wouldn't allow the hacker to access a user's data or install any software. However, it would mean that the computer would be rendered useless until it was restarted. This would make the bug a particularly useful tool for anyone wanting to cause damage to a company or organisation by tying up its resources.

The bug is also said to affect Windows Server 2008 R2. Gaffie told Microsoft about the issue before releasing the information and the software company has confirmed it is investigating and will issue a patch if necessary. (Source: computerworld.com)
Separate Kernel Bug Requires Immediate Patch

Meanwhile, users of earlier editions of Windows have been told to take particular care to install a security update listed as MS09-065 in this month's update. It blocks another loophole which also involves the kernel. With Vista it would again only allow the hacker to tie up the kernel (a "denial of service" attack), but with XP it could give them the ability to control the kernel's activity in more detail. (Source: microsoft.com)

The bug involves the Embedded Open Type system, which is used by some websites to display a typeface which users might not have, but in a way that prevents them from copying it to use themselves. One use for this would be for a design company that wants to show off its typographical work.

To activate the bug, the hacker would have to entice the victim to visit a rogue webpage with an infected font embedded on it -- for example, via a link in a bogus email.
avatar
Larry
Moderator
Moderator


Back to top Go down

Re: Windows 7 Security Flaw Could Disable Computer

Post by shanaya on November 12th 2009, 10:45 pm

Good to know, Larry. Thanks!
avatar
shanaya
Admin is da shiznit!
Admin is da shiznit!


Back to top Go down

Re: Windows 7 Security Flaw Could Disable Computer

Post by Doreen on November 13th 2009, 1:06 am

another reason people still want a Mac
avatar
Doreen
Moderator
Moderator


Back to top Go down

Re: Windows 7 Security Flaw Could Disable Computer

Post by Carl D on November 16th 2009, 7:50 pm

Thanks, Larry.

I like Windows 7 so far. But, like every previous Windows version, I'm sure we'll be downloading heaps of security updates for years..

_________________
avatar
Carl D
The Little Spy
The Little Spy


Back to top Go down

Re: Windows 7 Security Flaw Could Disable Computer

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum