First Windows 7 zero day exploit is spotted

There is a village somewhere who needs you.

I don't know if crashing is really a security exploit, more just an annoyance: there's plenty of garbage third-party drivers and other software out there that isn't intentionally malicious but will ruin your machine. Win7 seems to be really pretty secure, honestly. Vista is, too, for that matter. Most 'real' problems with Vista were due to third-party code, unsigned drivers, and idiots that got desensitized to the UAC pop-up and always hit "allow".

Then what is your point?

"...renders the computer useless, or at least more useless than it was before when Windows was still running.."

OK. this went straight into my little green book of memorable quotes. Thanks :)

As I remember, a Turing machine cannot determine for all possible programs whether their computation ever halts. As a consequence, you cannot prove that a sufficiently complex computer system cannot be forced into an infinite loop.

So I ask you to name the operating system where such an attack is not possible! After you do that, maybe this will be news.

Correct me If I'm mistaken, but in a DOS the purpose is to render the hosting server unreachable... Well, sending a bunch of them in an infinite loop would do the trick!

Agreed, it is theoretical, but it remains a flaw.

After all, why should we expect Microsoft to sell us secure software? If we wanted that, we would probably just use something like Linux for free.

No, we should all continue to expect to pay for programs that have security problems and/or crash often (with or without external intervention). This has always been the Great Microsoft Way (TM). And I think we should vigorously defend Microsoft against any and all criticisms by journalists, reviewers, and any other Microsoft nay-sayers.

Some people just don't get it. To them I say: "go use Linux if you can't handle all the problems and expense of Microsoft...I have a constitutional right to choose to donate my money and my company's money to Microsoft corporation and place our precious data in the trustworthy hands of my personal hero, Steve Ballmer (who is also one heck of a dancer, IMHO!).

Come out from under your little windoez world boy & buy a proper computer

Macs dont crash, ever, they can't crash...period(.)

You're not crossing my bridge m8

macs do crash. osx crashes as often as a properly mantained windows machine.
i own both and both give the same problems.
osx is just more friendly and doesn't let u do so many crazy things with 3rd party drivers and software.
apple monopoly works, microsoft sometimes :)

I read your name as nick Farewell, hah. No, really, Nick, you are an above average writer for the INQ now, which speaks volumes of how far the INQ has fallen.

I cant believe some of the responses to this article. Crashing a server is not a serious problem? Remember that next time your email goes down! Idiots.

@Halting problem: name an OS that is secure? That would be OpenBSD. http://www.openbsd.org/ HTH. HAND.

Re: "renders the computer useless, or at least more useless than it was before "

So now there are degrees of uselessness? I think not. If something has no use, it has no use. Hence the term "useless". Now Nickie, I 'spose too you really believe somebody killed with three bullets is more dead than somebody killed with only one bullet. And when it comes to math, if one ship can cross the ocean in three days, three can cross in one day right?

Do you secretly work for the US Treasury?

Yes, because OpenBSD and Linux have never had a vunerability.

http://www.securityfocus.com/bid/36859/discuss

OpenBSD 4.6 v.s. Windows 7, lists look similar and short. 5 v.s. 1 if we look at non beta/RC products. Both have been out since about the 4th week of October. Actually I guess that makes OpenBSD about 5 times LESS secure than Windows. Go figure.

Um.. If you do a google search on GSOD (Grey Screen of Death), you'll find quite a few hits proving that Mac OS X does crash.

..and as for Linux here, I run it too, but if you don't keep it updated and watch out for security holes, it won't matter. Remember that massive bug they had awhile ago where one could compile a simple program and gain root?

All operating systems have flaws. I don't really care who defends who, they have flaws. They might not show up immediately, but someone will find them.

If you keep your stuff updated, watch out for reports, and update your firewall and/or antivirus software, you won't have issues.

Re to Doug Glass:
If you're talking about death, it's possible to be more dead than another. Depending on definition, one can be resurrected by jump starting their heart again.

In terms of uselessness, Windows is a multipurpose OS. It may be useful in one aspect, in another it could be useless. Therefore having degrees of uselessness.

But besides Win7's uselessness, I've only used Windows to play games. Any other operating system can do what Windows does. And there are better protocols to use other than SMB that's more secure and reliable.

uptime for windows record is??? i'm just curious.
with linux it's ?? oh, the record uptime for unix or linux changes daily. yesterday it was 14 years, 231 days, today it is 14 years, 232 days.
With micorosoft forcing OS upgrades every 3-5 years, there is no chance they can ever catch up.

well, i pulled that 14 years thing out of nowhere, the real record for a unix box is probably closer to 30some odd years. Think wargames, some server the dod forgot exists.

There is a very comprehensive guide to everything Windows 7 here (and I mean everything):
http://ninjarabbits.blogspot.com/2009/11/hopefully-very-comprehensive-guide-to.html

Unhandled exception
Type=GPF vmState=0x00000000
Target=2_20_20040813_1849_BHdSMr (z/OS 06.00)
CPU=s390x (2 logical CPUs) (0x0 RAM)
signal=0000000b
gpr0=00000000000003e7 gpr1=0000000000000000 gpr2=0000000100006160 gpr3=0000000000000010
gpr4=00000001082fe780 gpr5=00000000000000c0 gpr6=0000000000000000 gpr7=00000000122c66e8
gpr8=0000000000000007 gpr9=00000000122c6708 gpr10=0000000108377e70 gpr11=000000010c83fb78
gpr12=0000000108300c60 gpr13=0000000108377e00 gpr14=000000007cd18938 gpr15=0000000000000000
fpr0=4841230c72000000 fpr1=4580000000000000 fpr2=4e80000117ddc374 fpr3=3ff0000000000000
fpr4=406f000000000000 fpr5=0000000000000000 fpr6=0000000000000000 fpr7=0000000000000000
fpr8=0000000000000000 fpr9=0000000000000000 fpr10=0000000000000000 fpr11=0000000000000000
fpr12=0000000000000000 fpr13=0000000000000000 fpr14=0000000000000000 fpr15=0000000000000000
psw0=0785240180000000 psw1=00000000122c66f8 fpc=0000000000000000
JVMDUMP0006I Processing Dump Event "gpf", detail "" - Please Wait.
JVMDUMP0007I JVM Requesting System Dump using IEATDUMP success

it is, especially that it affects server branch of MS systems (2008 R2). on client pc this may mean an inconvenience or a lost homework.
the whole issue strangely resembles the smb problem that affected vista and 7rc - supposedly resolved since. dejavu?

IE8, W7 64-bit, Nvidia video card, Intel CPU. Go to adobe dot com, then shrink the window down. AH HA, IE instantly freezes. Tried this on 3 completely different systems, happens on all of them. Now THAT's news, noobs.

I guess with Silverlight out the door, they don't want people downloading Flash anymore.

This is just a load of crap to rain on MS. Again. Get over it already. Only MAC users would go so low as to call this a exploit.

Anyone notice that its the same old excuses used over and over again to sidestep the argument in order to defend Microsoft?

Most common examples:
"Is this even an exploit?"
"All software have issues."
"Windows is just as secure as Mac, Linux, etc."
"Windows has more marketshare, so its attacked more."

The funny thing is: NONE of these are responses from people who know how to audit code, pen test a system, or write any form of computer code. (Let alone design an application or reverse engineer one).

Its trivial responses and presumptions.

...Really nothing but excuses to justify to themselves of their expenditure and investment in Microsoft solutions/services. (Nobody wants to be told they made a poor or bad decision).

They won't face the fact that the implementation (SMB protocol in this case), is flawed and needs to be re-written or re-designed.

Instead, its all excuses.

Well, let me tell you, dear MS apologists; Excuses don't fix software problems!

A bug is a bug. It needs to be fixed. ASAP. You can't justify it, prioritise it, play down on it, or categorise it.

If it does not get fixed, you are vulnerable, and no amount of trivial excuse (or security band-aid like AV software), can save you.

As a Windows user, its your responsibility to push Microsoft into resolving this ASAP. You paid for the solution. You are their customer.

You might find that what has been reported is just the Colossal tip of a Titanic iceberg .....and the following is the abiding problem which is spreading at warp light speed. It has just be posted elsewhere but here are a novel assortment of alternative thinkers ..... and phreaking geeks too. :-) And I say that most sincerely, folks, with zero malice afore or afterthought.

by amanfromMars November 14, 2009 12:36 AM PST
Hi, Elinor,

It is most unlikely, for obvious cybersecurity reasons, that any admission of an exploit of the vulnerability, which you might also like to consider is an inconvenient out of temporal sequence information disclosure, will be revealed by the compromised system, as it, the vulnerability, [and man, is that a mislead and a half] is most likely to be both exercising the dynamic scale of its power in kernel land and furthering embedding itself for accomodation of future reinforcing support.

The days of stupid bugs are long gone ......Nowadays, when Sun and Serfs and Surf Servers are Up, will they all be SMART Stealthy Guided Missives .... for Sleeper Sells/Insider ZerodDay Trade[r]s which deliver Illuminating Enlightenment into Darker and Deeper Matters.

And re the Windows versus Apple Server bun fight/handbags-at-dawn kerfuffle, is it not the case that Windows Servers feed Exclusive Fat Cats whereas Apple Servers seed Inclusive Thin Clients, thus does the former Guarantee itself to be under permanent hostile fire attack whilst the latter cruises sublimely on into ITs SurReal Creative Controller Spaces?

http://news.cnet.com/8301-27080_3-10395891-245.html?tag=mncol

Most of you are just a bunch of MAC Geeks who have nothing better to do than whinge about Microsoft.

If MAC is so good why do most people still use a PC? (software compatibility, etc maybe)

Windows 7 is great and works fine.
I haven't had a single problem since using the full version for 3 months.

MACs do have exploits too and if they were the forerunner they would be attacked more by hackers too.

Yeah APPLE are just great aren't they with their monopoly control to their products. ( Look at crappy Itunes - what a pile of C**p that is and you can't even copy music on and off an IPOD easily).

So why don't you geeks take off your 'I dreamt of my MAC last night' T-Shirts and get a life!

No need to get upset because of "...renders the computer useless, or at least more useless than it was before when Windows was still running.."

He's just channeling Charlie for a bit.

Well MS DOS, then you end up with a Swiss Cheese OS. Apple was at least brave and smart enough to move to a Unix platform. OS X does rock (used it for years) and is much more stable and secure than Windows fundamentally because of it's foundation.
Me, I use Linux now.

If you're in a business where it's critical that your computers are up and running during business hours, it IS a big fricken deal.