SOFTWARE ALCHEMIST Microsoft has admitted that its Vista operating system is shipping with a bug that was first discovered in Windows machines in 1999.
The flaw was actually patched in Windows 2000 and XP but apparently was long forgotten when Vista shipped.
All a hacker needs to do is send a deliberately malformed network negotiation request, which can force a Vista system into a page fault that triggers a BSOD. The attack affects both 32-bit and 64-bit versions of the OS.
The attack does not require authentication, but port 445 of the target system must be open, and on Windows it is open by default. Laurent Gaffié, who discovered the vulnerability, has contacted Microsoft, noting that the only solution he can think of is to turn off the SMB feature and close port 445.
The Vole has now issued Security Advisory 975497 to cover the issue and has registered its extreme displeasure at Gaffié for going public with the flaw.
Redmond says it might provide a security update on Patch Tuesday or an out-of-cycle patch once it is ready.
The Vole also said that there are two workarounds for the flaw - disable SMB v2 and block TCP ports 139 and 445 at the firewall.
Machines are not as vulnerable as they were in 1999. In Vista, if the network profile is set to "Public", the system is not affected by this vulnerability, since unsolicited inbound network packets are blocked by default.
Although Windows 7 and Windows Server 2008 R2 have similarities with Vista, the Vole does not believe that they are affected by this vulnerability. Windows 7 RC is affected, but since that is not officially "out there" it is allowed to be just as insecure as Vista, apparently. µ
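The two workarounds and the "Public" profile behaviour described above can be checked and applied from an elevated PowerShell prompt. This is an added example, not code from the article or from Microsoft: the `Smb2` registry value is the one Microsoft documents for switching off the SMBv2 server, while the rule name and the `-Apply` switch are made up for this sketch.

```powershell
# Added example: audit, and with -Apply enforce, the workarounds named in the article.
param([switch]$Apply)

$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Block inbound SMB (example rule)'   # hypothetical name chosen for this example

# 1. SMBv2 server state. Smb2 = 0 means disabled; a missing value means the default (enabled).
$smb2 = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Smb2
if ($smb2 -eq 0) { 'SMBv2 server: disabled' }
else             { 'SMBv2 server: enabled (default)' }

# 2. Active firewall profile. Under "Public", unsolicited inbound packets are blocked by default.
netsh advfirewall show currentprofile

# 3. Confirm whether the machine is actually listening on the two ports.
netstat -an | Select-String -Pattern ':(139|445)\s.*LISTENING'

if ($Apply) {
    # Workaround 1: disable SMBv2, then restart the Server service so the change takes effect.
    if ($smb2 -ne 0) {
        New-ItemProperty -Path $key -Name Smb2 -PropertyType DWord -Value 0 -Force | Out-Null
        Restart-Service -Name LanmanServer -Force
    }

    # Workaround 2: block inbound TCP 139 and 445. Delete first so re-runs do not stack duplicates.
    netsh advfirewall firewall delete rule name="$ruleName" | Out-Null
    netsh advfirewall firewall add rule name="$ruleName" dir=in action=block protocol=TCP localport=139,445
}
```

Blocking 139 and 445 inbound stops the machine from serving file and printer shares, and with SMBv2 off clients fall back to the older SMB dialect.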
Mais non, mon ami! It wasn't patched at all. It's just that 2k and XP's TCP/IP stack was derived from BSD's, which handled these little packet oddities properly. You can string telnet.exe on either for quick and dirty proof - Regents of the UC, Berkeley and the BSD licence is in there. Also, a certain Mr. Gibson went ballistic because BSD's stack opened up raw sockets to userland, a side-effect they didn't "correct" (as if raw socket access enabling such things as spoofed packets to be created on a platform used by world+dog on porn sites laced with malware is a bad thing*) until, IIRC, XP SP2.
They then tried to write their own for Vista+ and would seem to have fouled it up in exactly the same way as 9x and NT4's. One would almost think they were re-using ancient code but MS wouldn't do that, would they?
It's a TCP stack weakness related to treatment of oversized payloads or packet fragments if it truly is a repetition of the teardrop flaw of days of yore, especially given that userland services like SMB are unlikely to crash the kernel in such a meaningful and final way.
Microsoft's current and past attempts at authoring TCP/IP stacks seem not to be worth a blow on a rag-man's Trumpet. And yes, those of you who remember Win 3, that was an intentional pun.
* Yes, Steve, you were right. The sarcasm should be self-evident.
... Are doomed to repeat it.
Those who *DO* remember history are doomed to watch *others* repeat it.
Doooomed. We're dooooomed.
Dooooooom.
"If you buy our superior products you won't be tied to Microsoft's high-cost operating system and all its intrinsic security vulnerabilities"
Don't try to sell a good product. Just make sure your product doesn't do what people know your competitor's does wrong. And charge a bit more to make it look really better.
The MS trolls were out in number when it was found out Apple had an older version of Flash in their new OS. It is fixed now too but MS can let security problems go for years, the irony of it all. No Swiss Cheese OS for me, thank you very much.
You know, the truth is that Vista is based on code from Windows 3.1. That's why they forgot that bug. That's why it's so slow and buggy (that would explain a lot, actually).
Someone told me that if you play Solitaire in Vista, it will downgrade to XP automatically... You didn't hear it from me.
Don't you mean upgrade to XP?
Downgrade is the wrong word...
My mistake. I humbly bend down and eat soil... and beg for forgiveness. Vista is the new millennium, isn't it? So I should have said upgrade.
I have worked 3 years for a company that sold PCs to corporations. I have "downgraded" so many Vista systems to XP that sometimes I get confused.
I am still debating with myself whether a 64-bit OS is a real upgrade over a 32-bit one... since 64-bit Windows is half 32-bit compatible. You can imagine how confused I will get if we fall into that debate.
At least Microsoft does not claim to be "free" of viruses and security holes.
Apple should change its ads to say "our OS is not as vulnerable as Windows (some will get through but not all)".
Well, Microsoft do keep claiming their latest version is their most secure ever.
Which makes you wonder. After all, if this flaw is recycled old never secure code, well...
That and saying that this isn't so bad because of other people's somewhat sad claims of invulnerability isn't entirely convincing. I think I'd have a better chance of convincing one of the fine lads from Millwall that they should give it up and go support West Ham.
As tested...I don't know about R2 but Server 2008 SP2 is definitely affected as well...