SOFTWARE ALCHEMIST Microsoft has admitted that its Vista operating systems is shipping with a bug that was first discovered in Windows machines in 1999.
The flaw was actually patched in Windows 2000 and XP but apparently was long forgotten when Vista shipped.
All a hacker needs to do is send a deliberately malformed network negotiation request, which can force a Vista system into a page fault that triggers a BSOD. The attack affects both 32-bit and 64-bit versions of the OS.
The attack does not require authentication, but port 445 of the target system must be open, and on Windows it is open by default. Laurent Gaffié, who discovered the vulnerability, has contacted Microsoft, noting that the only solution he can think of is to turn off the SMB feature and close port 445.
The Vole has now issued Security Advisory 975497 to cover the issue and has registered its extreme displeasure at Gaffié for going public with the flaw.
Redmond says it might provide a security update on Patch Tuesday or an out-of-cycle patch once it is ready.
The Vole also said that there are two workarounds for the flaw - disable SMB v2 and block TCP ports 139 and 445 at the firewall.
Machines are not as vulnerable as they were in 1999. In Vista, if the network profile is set to "Public", the system is not affected by this vulnerability, since unsolicited inbound network packets are blocked by default.
Although Windows 7 and Windows Server 2008 R2 have similarities with Vista, the Vole does not believe that they are affected by this vulnerability. However Windows 7 RC is affected, but since that is not officially "out there" it is allowed to be just as insecure as Vista, apparently. µ
It's the week in Google news
Erik Estrada wouldn't have stood for this
Hacks in support of WikiLeaks founder target gov websites