First Windows 7 Zero-Day Exploit Confirmed by Microsoft

Terry Olaes

Microsoft confirmed the existence of an unpatched zero-day vulnerability that affects Windows 7 & Server 2008 R2, though they are downplaying the risk. MS says that most users would be protected from the attack if they block two ports at their firewall. Right, because most consumers know how to block ports at their firewall. Glad to hear that MS isn’t too worried. :rolleyes:

Microsoft said it may patch the problem, but didn't spell out a timetable or commit to an out-of-cycle update before the next regularly-scheduled Patch Tuesday of Dec. 8. Instead, the company suggested users block TCP ports 139 and 445 at the firewall. Doing so, however, would disable browsers as well as a host of critical services, including network file-sharing and IT group policies.
 
Okay guys, time to blacklist Windows 7 now! Righteous indignation mode ON!
 
Even the most basic perimeter firewalls block SMB traffic by default. This is a much bigger issue for attacking other systems once inside the perimeter. I think the number of Windows 7 boxes deployed in businesses so far is so small it is pretty inconsequential.

The most likely people to get hit by this are idiots that don't use the public network settings on a public wi-fi connection.
 
Well, uhm, I just checked the Firewall in my Windows 7 install, and those ports are only enabled if the remote address is on your local subnet, which might be a reason it's not a big concern. The advice to disable the ports probably goes for people on big corporate networks where you can't absolutely trust everyone connected, I doubt any home user has anything to fear. Also it's a DDoS not a remote code vulnerability. Also what browsers are disabled? I disabled the ports on my system and IE still works, maybe they mean network drive browsing...
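The post above observes that the built-in Windows 7 firewall rule for these ports only accepts remote addresses on the local subnet. One way to check that on a host, as an added example that is not part of the original thread: it parses text in the layout of `netsh advfirewall firewall show rule name=all` and lists enabled inbound allow rules that open 139/445 to more than the local subnet. The sample is constructed and abridged, and the field names are assumed to match English-locale output.

```python
import re

SMB_PORTS = {"139", "445"}

# Constructed, abridged sample in the netsh rule-listing layout; not from a real host.
SAMPLE = """\
Rule Name:                            File and Printer Sharing (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
RemoteIP:                             LocalSubnet
LocalPort:                            445
Action:                               Allow

Rule Name:                            Legacy share (constructed)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Public
RemoteIP:                             Any
LocalPort:                            139,445
Action:                               Allow
"""

def parse_rules(text):
    """Split netsh output into one dict per rule (field name -> value)."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"^([^:]+):\s+(.*\S)\s*$", line)
        if not m:
            continue  # dashed separator or blank line
        key, value = m.group(1).strip(), m.group(2)
        if key == "Rule Name":
            rules.append({})  # a new rule block starts here
        if rules:
            rules[-1][key] = value
    return rules

def exposed_smb_rules(text):
    """Names of enabled inbound allow rules opening 139/445 beyond the local subnet."""
    hits = []
    for r in parse_rules(text):
        ports = set(r.get("LocalPort", "").split(","))
        if (r.get("Enabled") == "Yes" and r.get("Direction") == "In"
                and r.get("Action") == "Allow" and ports & SMB_PORTS
                and r.get("RemoteIP") != "LocalSubnet"):
            hits.append(r["Rule Name"])
    return hits
```

On a real machine the input would be the saved output of the netsh command; port ranges such as `137-139` are not expanded by this check.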
 
WOW, don't you just love the Safest Most Secure OS ever made.....:rolleyes:

And it took only A YEAR to find the far with MILLIONS of Windows 7 deployments since the beta came out in January.

Show me an OS that's as widely deployed as Windows AND has significantly fewer flaws and I'll use it.
 
I thought that was common sense to cut off that option in Windows though. Mine is the first thing I turn off and I use TeamViewer for anything of that matter also.
 

How old are you? :rolleyes:

All OS's need a few patches:
patches1year.jpg


Windows Vista was the most secure desktop OS ever developed, 7 builds upon Vista. It had months of beta testing with millions of users and a big launch yet only one relatively minor zero-day exploit has been discovered. That's pretty damn good.
 
Am I reading this right??


Disable them how? So you can't surf the web?
You are reading that right. However, the person who wrote it appears to be somewhat. . . . oh I'll be polite. . . wrong.

I think they meant "network browsing". . . not internet browsing.

Regardless, all consumer routers will block this port and protect the average joe from arbitrary external attack. So home users are unlikely to be affected. All corporate networks are likely to block this port. So business users are unlikely to be affected. And finally, this is a case of "only" the OS crashing/locking up. It is not a case of the system becoming compromised after the attack. If you find your computer constantly freezing, yeah, that's an issue. But your computer remains under your control as soon as you isolate the knucklehead on your local network that's engaging in shenanigans. This is not a worm-able attack that turns your computer into a zombie on some botnet.

So, between the inept description of the flaw and the consequences of blocking those ports, and the editorializing based upon that flawed description where MS's assurances are trivialized and/or misinterpreted ("most consumers" don't need to know how to block those ports because they're already blocked by their router), people are getting the wrong idea about this issue. But hey, we got to have a few yucks at MS's expense. So weee!
 
Am I reading this right??


Disable them how? So you can't surf the web?

Yeah it's absolute bollocks.
I don't know who wrote that but they shouldn't be writing security articles.
I've had ports 139, 445 blocked for years and I've not had any browser issues as a result.
 
This article is clueless sensationalistic crap and I expect [H] contributors to be able to spot it as such, but based on the rolly eyes from Terry I guess he's not as [H]ard as those of us who actually know WTF is going on here.
 
So, just out of curiosity, was this patched 7 days ago? Because really, this isn't an issue.
 
This article is clueless sensationalistic crap and I expect [H] contributors to be able to spot it as such, but based on the rolly eyes from Terry I guess he's not as [H]ard as those of us who actually know WTF is going on here.

Yeap, pretty much.
 
Ha ha - it's just my insurance policy. Don't want a temp ban for being bluntly honest. My statement stands - but the smiley saves my ass. :D
 
This article is clueless sensationalistic crap and I expect [H] contributors to be able to spot it as such, but based on the rolly eyes from Terry I guess he's not as [H]ard as those of us who actually know WTF is going on here.

That's common with the tech press

The only time they would get cautious of a story is when it relates to Apple. If they have to say something negative about Apple, they make sure they are apologetic for it otherwise they sensationalize as much as they can. The tech journalism is crap nowadays!
 
Even the most basic perimeter firewalls block SMB traffic by default. This is a much bigger issue for attacking other systems once inside the perimeter. I think the number of Windows 7 boxes deployed in businesses so far is so small it is pretty inconsequential.

The most likely people to get hit by this are idiots that don't use the public network settings on a public wi-fi connection.

So what you're saying is that if we're not as egotistical or knowledgeable as your Royal Highness, we're idiots in your eyes. I think it's time for you to reflect on your roots and where you came from, I'm sure you weren't born with all this knowledge.
 
I always disable and run with firewall (and defender, etc) disabled for Vista and now Win7. Never had a need for them.

Should I be concerned about this / make a change?
 
should read, I always disable and run withOUT windows firewall / defender

sorry for the double; there wasn't an option for editing my post.
 
I always disable and run with firewall (and defender, etc) disabled for Vista and now Win7. Never had a need for them.

Should I be concerned about this / make a change?

I'd start by reading up on why Firewalls and Windows Defender were created.
 
So what you're saying is that if we're not as egotistical or knowledgeable as your Royal Highness, we're idiots in your eyes. I think it's time for you to reflect on your roots and where you came from, I'm sure you weren't born with all this knowledge.

No, I'm saying that people that can't even read the description of the network types that pops up when you plug into a new network deserve what they get. It tells you when the best time to use the public network settings is. If you can't read that when it pops up, well sucks your system got owned. Thanks for making life more miserable for the rest of us.

If people took even the minimum effort to keep their systems secure, life would be much better for everyone.
 
No, I'm saying that people that can't even read the description of the network types that pops up when you plug into a new network deserve what they get. It tells you when the best time to use the public network settings is. If you can't read that when it pops up, well sucks your system got owned. Thanks for making life more miserable for the rest of us.

If people took even the minimum effort to keep their systems secure, life would be much better for everyone.

I teach free Windows classes for new users, and I can say that they haven't a clue what you just said. They don't even know that the right mouse has functions or that they can resize windows. They are totally lacking in any skills whatsoever. They are not idiots by any stretch of your imagination. The word network means nothing to them. UNTIL they get some basic training. Think back, how much you knew when you turned on your first computer. I want to remind you that these are the people that are buying computers. Maybe in your world we should pass a law that unless you take a computer course you can't own one. As another example look at the article on the Flash flaw, if the IT isn't doing his job I'm not going to blame a new computer user for malware that got on to his machine.
 
I teach free Windows classes for new users, and I can say that they haven't a clue what you just said. They don't even know that the right mouse has functions or that they can resize windows. They are totally lacking in any skills whatsoever. They are not idiots by any stretch of your imagination. The word network means nothing to them. UNTIL they get some basic training. Think back, how much you knew when you turned on your first computer. I want to remind you that these are the people that are buying computers. Maybe in your world we should pass a law that unless you take a computer course you can't own one. As another example look at the article on the Flash flaw, if the IT isn't doing his job I'm not going to blame a new computer user for malware that got on to his machine.

Like you said, they need a little training. What in life don't you need a little training to be able to do? Drive a car, program the DVR, etc. Honestly, properly securing a computer is just a simple checklist of items, nothing major. The biggest thing is attitude. Too many people just click on stuff and have no idea what they are even trying to run. Once you become as suspicious about what you run on your computer as a hitchhiker on the road, you'll have FEW security issues with a Windows computer.
 
All corporate networks are likely to block this port.

Externally you would hope, but on an internal network nobody blocks these ports. They're used for network browsing and network file shares. If this were an XP vulnerability, you can bet that there would be stuff out to exploit this tomorrow. If for nothing else, they would slip it in with various malware to highlight the need for their fake AV products. (System blue screening, buy our product!)
 
This article is clueless sensationalistic crap and I expect [H] contributors to be able to spot it as such, but based on the rolly eyes from Terry I guess he's not as [H]ard as those of us who actually know WTF is going on here.

Are you kidding? This is par for the course for most tech websites out there, and [H] is far from immune to posting sensationalist crap and deliberately inflammatory headlines. Hell, Terry is way more restrained in this regard than Steve is.
 
Certainly got that right Serpico.. but it doesn't help when people don't understand sensationalism and then proceed to jump on to the bandwagon.
 
Maybe in your world we should pass a law that unless you take a computer course you can't own one.

I used to clean up the networks at two non-profits that did not have IT staffs, so I'm quite aware of the computer knowledge the average person has. That is the problem and this actually would be about the perfect solution. When someone lets their computer get overrun by crap and it's spewing spam onto the net or attacking other systems all day, it affects everyone that uses the net. People should have to have a minimum knowledge level to use a computer just as anything else.
 
Are you kidding? This is par for the course for most tech websites out there, and [H] is far from immune to posting sensationalist crap and deliberately inflammatory headlines. Hell, Terry is way more restrained in this regard than Steve is.

Bah, Steve isn't sensationalist. He's just having fun.

My uncle's the same way. He would say things to get you riled up and sit back and laugh at his handiwork. It's all in good fun.

Sensationalism is telling exaggerated versions of the truth (or telling white lies) with a straight face like you mean it.
 
People should have to have a minimum knowledge level to use a computer just as anything else.

Well, the nice part is if you wait about 20-30 years, that should happen. I'm not sure in your area, but, I know in my area our local schools have keyboarding + basic computer skills classes starting in grade 7 and continuing through Grade 10. At that point, students have the option of taking an elective called 'Information Technology' in Grade 11/12 that teaches some more advanced stuff. Not to mention the fact that it's becoming harder and harder to find a teenager who's never been on the internet, doesn't have basic computer skills and doesn't own either a Facebook, email, Twitter or MySpace account. I think that must be down to like 0.3% of the 'under 30' population segment or less now.

So give it 20-30 years, and we'll probably have most of the under '50' population segment reasonably well versed in computers.
 
30 years.. damn, that makes me feel old. I'll be over 50 then :(

I won't be hip anymore!
 
I previously worked at an ISP (switched jobs in September), and we blocked 139 and 445 at the borders of the network. It doesn't stop customers from cornholing one another, but it does keep most of the external threats at bay. When you consider that every other wannabe worm, virus, trojan, exploit, and aspiring adult entertainment star tries to exploit those ports, it just makes sense to nip it in the bud. Side effects to customers have been few to none across the board over the years, and the few who mentioned anything about it got a quick demonstration as to why what they were asking for was not such a hot idea. I think most people opted to either install their own firewall or have someone come in and do it for them at that point... Gotta double bag that stuff and keep the balls from touching.
 