Microsoft warns of Windows 7 security hole

Microsoft has confirmed reports of a security flaw in its Windows operating system that hackers could use to temporarily destabilize Windows 7 PCs. The software giant also acknowledged that blueprints for exploiting the flaw are now available online.

At issue is a so-called "denial-of-service" vulnerability in the component of Windows that handles the sharing of files and folders. Microsoft said attackers could use exploit code now publicly available to cause vulnerable systems to stop functioning or become unreliable. The flaw is present in Windows 7 and Windows Server 2008 R2, and does not exist in older versions of the operating system, the software giant said.

In a security bulletin published Friday, Microsoft said the vulnerability would not let attackers install malicious software or take control over an affected system, and that any ill effects from an attack on this flaw could be remedied by simply restarting the PC. In addition, the kind of computer network traffic that would be needed to exploit this flaw is easily blocked by using firewall software, such as the Windows firewall that ships with Windows 7 systems.

By Brian Krebs  |  November 17, 2009; 9:10 AM ET
Categories:  Latest Warnings , Safety Tips  | Tags: microsoft, windows 7  

Comments

This time really is like all the others!

Posted by: anarcho-liberal-tarian | November 17, 2009 11:04 AM | Report abuse

That's not too bad. From a consumer point of view, if these are the kinds of holes that we can expect in 7, I'm happy.

Posted by: Booyah5000 | November 17, 2009 11:53 AM | Report abuse

"In addition, the kind of computer network traffic that would be needed to exploit this flaw is easily blocked by using firewall software, such as the Windows firewall that ships with Windows 7 systems."

So is the W7 FW sensibly enabled during the initial setup or upgrade? Or if W7 is pre-installed by most major OEM vendors, is the FW enabled then?

I'm asking if the typical scenario is the FW is already enabled or is a "special" configuration required to protect against this specific DOS exploit?

Posted by: JimGoldbloom1 | November 17, 2009 12:47 PM | Report abuse

Of course they had no clue about this last week when they released patches to fix 15 other exploits for earlier versions?

Posted by: tojo45 | November 17, 2009 12:53 PM | Report abuse

I'll stick with Windows ME.

Posted by: whocares666 | November 17, 2009 1:17 PM | Report abuse

Could be worse, I guess.

Posted by: brucerealtor@gmail.com | November 18, 2009 12:35 AM | Report abuse

Why? Why? Why? Are we putting so many of our eggs in one basket?

Posted by: n7uno | November 18, 2009 3:17 AM | Report abuse

"Why? Why? Why? Are we putting so many of our eggs in one basket?", wrote n7uno.

For 300 bucks or so, people can get a netbook or not Hummer-esque notebook and load and try one of the Linux distributions. Once I tried Ubuntu, I realized I never again needed a Microsoft computer.

Posted by: TeresaBinstock | November 18, 2009 4:40 AM | Report abuse

Of course there have to be SOME problems with Win7, otherwise how could anyone be suckered into buying Win8?

Posted by: hairguy01 | November 18, 2009 5:27 AM | Report abuse

Holes in Windows? I'm trying to figure out exactly how this is news.

Posted by: leaping_gnome | November 18, 2009 8:16 AM | Report abuse

Yesterday I installed Windows 7 on a new $300 computer and firewall on is one of the defaults in setup. So go back to bed.

Posted by: b_100666 | November 18, 2009 8:32 AM | Report abuse

BFD! I'm glad the vulnerability was found. W7 as every other Windows OS is a complex system that affords me more conveniences in my day to day life than it causes me woes. I absolutely EXPECT security flaws to be found as much as I EXPECT they will be fixed when they are. Cyber crime and cyber espionage (sp?) drive teams of people to find and exploit these vulnerabilities. To believe that an OS can be written so perfectly as to be invulnerable to flaw is ridiculous. Nothing is impervious to attack or exploit. Not even a MAC. I love the MAC commercials, because they are true. But I don't own a MAC. I know that the MAC OS is just as vulnerable to security flaws as Windows. I also know that if the roles were reversed and the world ran on the MAC OS, that we would be reporting the same number of vulnerabilities exposed and the same number of security fixes addressed. Why? Because, the MAC OS would become the primary target for attack. Hackers aren't going to waste their time on an OS that's got limited distribution and use. So, that's great that this vulnerability has been found and will be fixed. End of story.

Posted by: dhamilton1 | November 18, 2009 9:08 AM | Report abuse

I find it disturbing that so many immediately jump to bashing Windows or Microsoft or start espousing other OS's. I knew it would happen as soon as I saw the initial reports of the flaw.

Regardless of what OS you favor, enough with the fanboyism and bashing! Grow up!

Posted by: xAdmin | November 18, 2009 12:10 PM | Report abuse

@dhamilton1: Windows isn't perfect, nor are Macs.

But your comment "I know that the MAC OS is just as vulnerable to security flaws as Windows. I also know that if the roles were reversed and the world ran on the MAC OS, that we would be reporting the same number of vulnerabilities exposed" is NOT true.

It is true that few hackers attack Macs, and that's partly because there are fewer of them. Partly. The other part is that it's much harder to create a successful attack. Not impossible, but much harder.

Posted by: vdev | November 18, 2009 1:00 PM | Report abuse


And then there is TJH Internet SP "demo" product: a full-blown installation of fully functional Slackware Linux onto a bootable DVD. And it runs entirely from the DVD! And because it is Read-Only, even if hackers can get onboard, they can't do anything because it's... Read Only.

Patent 7,464,403 heh heh.

Posted by: thardman | November 18, 2009 4:37 PM | Report abuse

Is it really a security flaw if it can be blocked by the firewall?

Leaving your purse on the kitchen table is a security flaw unless you lock the front door.

If all "security flaws" that appear only when the firewall is "off" were fixed, then the firewall would be superfluous.

Perhaps we need two categories: (1) Security Flaws and (2) Security Flaws for Dummies (who open unexpected e-mail attachments, who click on links in e-mail from unfamiliar senders, who don't check URLs for financial sites, who don't look for the padlock, and who couldn't tell the difference between http and https if their financial security depended on it [it does]).

Posted by: IanGilbert | November 18, 2009 5:45 PM | Report abuse

Does anyone think a firewall would help my Apple Lisa computer?

Posted by: stevyost | November 18, 2009 7:59 PM | Report abuse

If I had BILLIONS of users & am the big cheese I would get shot @ too.
Apple OS? Who cares?!

Posted by: Rocc00 | November 18, 2009 11:05 PM | Report abuse

I'll never figure out how a company as big as Microsoft can spend so much time developing software and so quickly find out that it is flawed. Why don't they hire some hackers to attack the software before they issue it?

Posted by: atp2007 | November 19, 2009 12:08 AM | Report abuse

This idea to hire hackers to hack the OS when the OS is being developed is a great idea.

I am pretty sure they do some of it already.

Enjoy!

Posted by: junk9 | November 19, 2009 2:37 AM | Report abuse

Brian! Great article as always and thanks. But do we have to keep referring to Microsoft as the 'software giant'? I think we already know by now how much market share they have. And there are probably better and more descriptive terms your editor would approve of. ;) Cheers.

Posted by: Rixstep | November 19, 2009 6:31 AM | Report abuse

Interestingly enough, the person who discovered this flaw (Laurent Gaffié) is also the person who found this one:

http://voices.washingtonpost.com/securityfix/2009/09/microsoft_ships_stopgap_fix_fo.html

His intent in publishing this most recent one was to point out flaws in Microsoft's (lack of?) pre-release vulnerability testing.

Posted by: bmac4 | November 19, 2009 4:40 PM | Report abuse

Posted by: justdenny1 | November 19, 2009 4:44 PM | Report abuse

I was in the market several years ago for a laptop. However, that all changed when I got the iPhone. I only use a computer for surfing the web, paying bills, and reading newspapers. I can do all that on the go with my iPhone and I don't have to carry a heavy laptop when I fly. I can watch movies on my iPhone, read books, or listen to music. I have a PC at home that's 5yrs old, XP. It is still fast and runs without any major problems. I am up to date on all patches, antivirus, firewall, and antispyware. I do not anticipate "upgrading" to W7 unless my PC goes kaput.

Posted by: jabreal00 | November 21, 2009 10:10 AM | Report abuse

The comments to this entry are closed.


© 2010 The Washington Post Company