Microsoft acknowledged earlier this week that code had been released that could lead to crippling denial of service (DoS) on its newly launched Windows 7 operating system and Windows Server 2008. The exploit, relating to the SMB network protocol commonly used by Windows systems to find and access shared files, printers, and so on over networks, was publicized by security researcher Laurent Gaffie in a rather blunt and critical blog post concerning Microsoft’s Security Development Lifecycle processes.
I mentioned this security vulnerability in passing in my earlier article on how and why to disable Windows Autorun; as it turns out, my not returning to the subject sooner was probably for the better, because while a zero-day exploit is a serious concern, this one in particular turns out to be less likely to cause problems for typical home or small business users of Windows 7 or Server 2008, although it does show a bit of the very human drama that occurs in the supposedly cool and logical world of computing.
Zero-day exploits are security vulnerabilities that are “publicized” either by hackers who immediately use them to attack systems, or by security researchers, who often release them in response to what they perceive as stonewalling on the part of the software publisher. The zero-day moniker derives from the amount of time the software vendor has to respond and develop a fix before the vulnerability is exploited.
Zero-day exploits can be amongst the most insidious security problems. The problem may allow computers to be remotely compromised (via the Internet), with little or no real defence available for users or network administrators, until the software publisher or security vendors can develop a fix (patch). The patching process can take days, weeks, or even months (in rare cases, years) to create a fix that doesn’t cause other problems, so starting from the position of an exploit already being public puts the software vendor in a bad position.
Now, that all sounds very bad, especially because Microsoft publicized Windows 7 as its “most secure OS ever” and this comes barely three weeks into the official public release. It might also seem like Mr. Gaffie acted irresponsibly as a security researcher in releasing the exploit – a regular software soap opera, as it were.
The soap opera part: besides the testy and openly critical language of the posting, which would be unprofessional in nearly any field, Mr. Gaffie released this exploit to put fire under Microsoft’s feet for another, as-yet-unreleased vulnerability. The implication is that Microsoft has failed to respond to or develop a fix for another security problem Gaffie has made them aware of.
Legitimate security researchers don’t take well to being ignored by a software publisher. This is because they quite rightly are concerned that if they have found a vulnerability, so too will criminal hackers. It is also because being recognized or acknowledged by the software vendor, especially big companies like Microsoft, Apple, and Adobe, is important advertising, as it were, for the researcher and his or her firm.
In this particular case, Mr. Gaffie apparently released the SMB DoS exploit publicly to put pressure on Microsoft to fix another issue, one that presumably is more serious, and/or widespread in nature. So the SMB exploit on Win 7 was his trump card to try to force Microsoft to quicker action on this other, still unpublicized issue.
The SMB exploit released can cause a user’s computer or server to hang (enter an infinite loop of self-referencing software instructions – more simply, crash) upon visiting a rigged website, requiring a forced restart, but it can’t be used to remotely execute code or otherwise launch attacks on your computer over the network or Internet.
If you visit a website and your computer hangs, don’t visit that website again. Simple enough, although if you read and follow the instructions in the Microsoft bulletin linked below, you can block the SMB vulnerability – at the expense of likely causing file and printer sharing to not work on your home or small business network.
We’ll just have to wait and see if Microsoft issues a patch in upcoming days or weeks acknowledging another security issue brought to their attention by Laurent Gaffie to better judge if Mr. Gaffie was correct in embarrassing Microsoft in this way, or if he was being a bit of a “drama queen”.
Greg Johnston
greg@infotrek.ca
www.infotrek.ca
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
http://www.microsoft.com/technet/security/advisory/977544.mspx
http://blogs.zdnet.com/security/?p=4938&tag=trunk;content
I’ve had it with Windows. Mac can do it all without the grief. When the two PCs in our house are outdated (or completely unused), the replacements will feel at home with our Macs which have never had an issue.