PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Microsoft admits critical Windows 7 bug

Tick Tacks

Posted on 10 Sep 2009 at 15:53

Microsoft has promised to patch a flaw in Windows Vista and 7 that could allow hackers to take complete control of the machine.

The company was alerted to the flaw after security researcher Laurent Gaffie produced exploit code which showed how Microsoft's SMB2 network file and print-sharing protocol could be hacked to allow attackers to hijack the machine.

The exploit was initially used to bring on the dreaded blue screen of death; however, Microsoft later admitted that it could also be used to remotely execute malicious code on vulnerable machines.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system," says Microsoft's advisory. "Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart."

Versions of Windows older than Vista do not use SMB2 and remain unaffected by the threat. Microsoft also claims that while the release candidates of Windows 7 and Windows Server 2008 R2 are vulnerable, RTM editions are not.

Microsoft claims it is working on a patch, but has not confirmed when it will be made available. Until then, the company is recommending that users disable SMB2 by editing the Windows Registry. If that's beyond you, it also suggests blocking TCP ports 139 and 445 at the firewall.

This latter method will also bring several important services and applications, including the browser, screeching to a halt, Microsoft admits.
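The two interim workarounds the article describes (disable SMB2 in the registry, or block TCP 139 and 445 at the firewall) can be audited and applied with a short script. The following PowerShell is an added example, not code from PC Pro or from Microsoft's advisory. It assumes the registry value is the one Microsoft documented for this issue (LanmanServer\Parameters, DWORD "Smb2" = 0); verify that against the current advisory before relying on it. The rule name is made up here.

```powershell
# Added example (not from the article or from Microsoft): audit and apply the interim
# SMB2 workarounds described in the article for Vista / Windows 7 RC / Server 2008.
# Assumption: the registry value below is the one documented in Microsoft's advisory
# for this issue; the firewall rule name is an arbitrary label chosen for this script.
# Run from an elevated PowerShell prompt; -WhatIf previews changes without applying them.

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [ValidateSet('Audit', 'DisableSmb2', 'BlockPorts')]
    [string]$Mode = 'Audit'
)

$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Block inbound SMB (TCP 139/445) - interim workaround'   # label chosen here

function Get-Smb2State {
    # A missing value means SMB2 is enabled, which is the default on Vista and later.
    $v = (Get-ItemProperty -Path $regPath -Name 'Smb2' -ErrorAction SilentlyContinue).Smb2
    if ($null -eq $v -or $v -ne 0) { 'enabled' } else { 'disabled' }
}

function Get-SmbListeners {
    # netstat is present on all affected releases; Get-NetTCPConnection is not.
    netstat -ano -p TCP | Select-String ':(139|445)\s+\S+\s+LISTENING'
}

function Test-BlockRule {
    # netsh prints "Rule Name:" only when a matching rule exists.
    [bool]((netsh advfirewall firewall show rule name="$ruleName") -match 'Rule Name:')
}

switch ($Mode) {
    'Audit' {
        "SMB2 (registry): $(Get-Smb2State)"
        "Listening on TCP 139/445:"
        Get-SmbListeners | ForEach-Object { "  $($_.Line.Trim())" }
        "Firewall block rule present: $(Test-BlockRule)"
    }
    'DisableSmb2' {
        if ($PSCmdlet.ShouldProcess($regPath, 'Set Smb2 = 0 and restart the Server service')) {
            New-ItemProperty -Path $regPath -Name 'Smb2' -PropertyType DWord -Value 0 -Force | Out-Null
            # The registry change only takes effect once the Server service restarts.
            Restart-Service -Name LanmanServer -Force
            "SMB2 is now: $(Get-Smb2State)"
        }
    }
    'BlockPorts' {
        if ($PSCmdlet.ShouldProcess('Windows Firewall', 'Add inbound block rule for TCP 139,445')) {
            # netsh advfirewall is available on Vista and later; New-NetFirewallRule is not.
            netsh advfirewall firewall add rule name="$ruleName" dir=in action=block `
                protocol=TCP localport=139,445 | Out-Null
            # As the article notes, this also stops services that depend on SMB file sharing.
            "Firewall block rule present: $(Test-BlockRule)"
        }
    }
}
```

Run it with no arguments to see the current state, then `-Mode DisableSmb2` (the registry workaround) or `-Mode BlockPorts` (the firewall workaround). Re-running in Audit mode afterwards confirms whether SMB2 is off and whether anything is still listening on 139 or 445.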

The flaw is the second embarrassing vulnerability the company is being forced to deal with. Earlier in the month, Microsoft admitted it was investigating a critical vulnerability in Internet Information Services (IIS) server, after a hacker posted exploit code to the milw0rm.com site.

Author: Stuart Turton

User comments

And people will no doubt continue regardless in purchasing the software even if M$ "claim" to have it fixed :)

By nicomo on 10 Sep 2009

Much ado about nothing.

This SMB vulnerability is wildly overhyped, as are most bugs of this nature when they are posted on the internet.

One: It affects Windows Vista and pre-RTM Windows 7. How many businesses are actually running Vista? It's a fractional percentage compared to those still running XP. And no business in its right mind would be running pre-release software in its production environment. Server 2008 is a bit more worrying admittedly, but that's again, less of an issue thanks to point #2.

Two: This vulnerability is not, by any means, remote execution, simply because you actually have to enable ports 139 and 445 for public network access for it to be - something that is not set as default on any of the affected operating systems, and has no reason to be enabled in any real environment. This means that: Any attack would need to be from the local network (read: not particularly remote), and if a company is allowing blackhat hackers to infiltrate its local premises, there would be a LOT more to worry about than crashing servers. Like, for instance, trashing them with a baseball bat.

Like most news articles, this was clearly meant with best intentions but, like everywhere else on the interwebs, there's really little substance behind the FUD.

By Omoronovo on 10 Sep 2009

Firewalls...

Most computers are behind firewalls these days, so it isn't such a problem as it could have been.

Business users will generally be safe behind corporate firewalls, so the attacker needs to be inside your network.

Likewise, home users with a router should also be safe, unless they have unprotected Wi-Fi.

Public Wi-Fi is a problem, but the attacker will, again, have to be on the local network.

The biggest risk would be Vista users on a USB Modem connection; they could be vulnerable, but in that case, why would they even have SMB2 activated? It is for local file sharing.

It is a major bug, it needs patching quickly, but I feel the risks are fairly minor for a majority of users - and it should hopefully be fixed by the time the production version is released to the general unwashed.

By big_D on 10 Sep 2009

Well it says RTM is not affected so I'd imagine the production version is not affected. Bit confused with the story. If they have fixed it already then is this a story or have they not fixed it in the RTM?

By marklitt on 10 Sep 2009

You're right Mark,

The RTM is not affected. But since only a fraction of people using windows 7 are using the RTM (general availability/release is set at 22/10/09), then it means almost all windows 7 users are going to be affected.

I am using the RTM thanks to my TechNet license, but not everyone has the luxury of MSDN/TechNet licenses to test and use new software - that coupled with the fact that a lot of Vista naysayers may stick with Windows 7 RC until March 2010 when it starts restarting every 2 hours, waiting to get past the critical first few months of Windows 7's release, expecting showstopper bugs and performance issues like those expected with Vista.

But again thanks to the default configuration and difficulty in causing this to be an exploitable problem, I doubt real occurrences of this exploit to be low.

By Omoronovo on 10 Sep 2009

Yeah I'm using the RTM too. I was commenting more on the fact that the headlines suggest that Windows 7 is being released with a critical flaw whereas it was the betas, which we all know will have bugs and flaws. Really this is a story more about a flaw in Vista

By marklitt on 10 Sep 2009

"This vulnerability is not, by any means, remote execution, simply because you actually have to enable ports 139 and 445 for public network access for it to be.."

I don't see that as a mitigating factor. Active Directory networks typically do not have firewalling between desktops, therefore an infected computer, brought in from outside, could in principle take out the lot, like a line of dominoes.

By Anteaus on 11 Sep 2009

I'm sorry if I didn't make myself clear -

If you read my comment again, I mentioned that the only people who would have something like that on their computer would be someone who had physical access to the network. Windows Server 2008 networks use (or SHOULD use..) Network Access Protection, which would mean any computer connecting to the network would be unable to if anti-virus and security factors were not set up properly (as per the administrator's own requests), mostly mitigating the possibility of a problem like this being possible.

As I mentioned before, a corporate computer on the network (as long as it's secured by NAP) should pose little threat, but if a hacker got in on the network, there's far more to worry about than an exploit like this, which more often than not just causes a simple BSOD. Administrators would pick up on this quickly and find the offending computer that caused the problem. If a hacker were to gain access to the network through other means there are far more effective hacks that could/would be used to cause remote execution or other such issues.

Now I'm not naive enough to assume all networks are set up this way, but all I'm saying is that the true danger of this vulnerability has been WAY over-hyped since it would require a very specific set of (truthfully, not very likely) circumstances to have it be much of a problem. A well set up network should already have most of these factors mitigated; the low adoption of Vista in the business sector limits the overall usefulness of this exploit, not mentioning the fact that the exploit itself is very unreliable.

By Omoronovo on 11 Sep 2009

Split intentions...

There's two topics here. One is, how important is the problem; the other is, has it been pitched correctly. Technically, it's not an "exciting" bug, which is where most of you guys are focusing your interest.

However, in terms of the marketplace, it's a humdinger. Very few people are as yet on the target platform, that's true: however, I would suggest that those who are, are exceedingly unlikely to take the right protective steps. Vista and Server 2008 takeup in smaller businesses has been a "blind leading the blind" process, where trivial issues like these don't get noticed either by a gadget-happy buyer, or by their margin-addicted service company.

So I suspect that in fact, it's not overhyped at all. Getting information about risks through to these people is not an easy task.

By Steve_Cassidy on 11 Sep 2009
