Windows 7 RTM Dodges Critical 0-Day
Microsoft has confirmed that a zero-day vulnerability in Server Message Block (SMB) could allow remote code execution if an attack succeeds. Several versions of Windows are affected, the company reported, but not Windows 7 RTM Build 6.1.7600.16385 or the gold release of Windows Server 2008 R2. Microsoft also said that it had detected no attacks specifically targeting the SMB 2.0 security flaw and was not aware of any customer impact.
In addition to Windows 7 RTM and Windows Server 2008 R2, the software giant also revealed that customers running Windows XP and Windows 2000 are not affected by the 0-day security hole. The same is not true for Windows Vista RTM/SP1/SP2 and Windows Server 2008 RTM/SP1/SP2. And while Windows 7 RTM does not contain the vulnerable code, the Release Candidate, Build 7100, does not dodge the vulnerability. This means that evaluators running Windows 7 RC are as vulnerable to attacks, if any, as the users of Vista and Windows Server 2008.
“Microsoft is not currently aware of any attacks using this vulnerability. Microsoft recommends customers [to] review and implement the workarounds outlined in the security advisory. More information on suggested actions can also be found in Microsoft Knowledge Base Article 975497. While these workarounds do not completely mitigate the threat, we’re currently investigating the issue as part of our Software Security Incident Response Process (SSIRP) and working to develop a security update. This update will be released once it reaches an appropriate level of quality for broad distribution,” promised Christopher Budd, security response communications lead for Microsoft.
At the time of writing this article, KB975497 was not live, but I’m sure that Microsoft will correct this issue soon. Meanwhile, the company has listed a number of workarounds in Microsoft Security Advisory (975497) that can be applied immediately. Vista, Windows Server 2008 and Windows 7 RC users can disable SMB v2 and block TCP ports 139 and 445 at the firewall. But as I said, there were no attacks using exploits designed to take advantage of this specific SMB 2.0 zero-day vulnerability.
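A check for the two workarounds above, added here as an example and not taken from the advisory or from Microsoft: it reports whether TCP 139 and 445 still accept connections on a host you administer and, where 445 answers, whether the server still selects SMB2 when offered it. The function names and result strings are this example's own assumptions; the dialect strings are the ones Microsoft's SMB2 protocol documentation defines.

```python
import socket
import struct
import sys

DIALECTS = (b"NT LM 0.12", b"SMB 2.002")  # SMB1 plus the first SMB2 dialect

def build_negotiate_request():
    """Well-formed SMB1 NEGOTIATE that also offers SMB 2.002."""
    header = (b"\xffSMB" + b"\x72"             # protocol id, NEGOTIATE command
              + b"\x00" * 4 + b"\x18"          # status, flags
              + struct.pack("<H", 0xC801)      # flags2
              + b"\x00" * 20)                  # remaining header fields, all zero
    body = b"".join(b"\x02" + d + b"\x00" for d in DIALECTS)
    payload = header + b"\x00" + struct.pack("<H", len(body)) + body
    return struct.pack(">I", len(payload)) + payload  # 4-byte session header

def classify_response(data):
    """Name the protocol the server picked, from the reply's protocol id."""
    proto = data[4:8]  # skip the session header
    if proto == b"\xfeSMB":
        return "smb2-enabled"
    if proto == b"\xffSMB":
        return "smb1-only"
    return "unknown"

def probe(host, port, negotiate=False, timeout=3.0):
    """Return 'blocked', 'open', or (with negotiate=True) the protocol chosen."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "blocked"  # refused, filtered or timed out
    with sock:
        if not negotiate:
            return "open"
        try:
            sock.sendall(build_negotiate_request())
            data = b""
            while len(data) < 8:
                chunk = sock.recv(64)
                if not chunk:
                    break
                data += chunk
        except OSError:
            return "unknown"
        return classify_response(data)

def audit(host):
    """Port 139 needs a NetBIOS session request first, so only 445 negotiates."""
    return {139: probe(host, 139), 445: probe(host, 445, negotiate=True)}

if __name__ == "__main__" and len(sys.argv) > 1:
    print(audit(sys.argv[1]))
```

With both workarounds in place, a run from outside the firewall should report `blocked` for both ports, and a run from inside should report `smb1-only` for port 445.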
“Also, this vulnerability was not responsibly disclosed to Microsoft and may put computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed,” Budd added.
