Exploits

windows_7_preview Windows 7 fans were rejoicing when Microsoft released a patch on Tuesday because their system was not affected in any way by the six security issues. The rejoicing was short-lived, however, as news has been released that there IS a bug that can crash a Windows 7 system. The bug has been named Zero-Day Exploit and was discovered by Laurent Gaffie.

PC World provides further details:

The issue is in the SMB (Server Message Block) protocol that forms the backbone of Windows file sharing. When triggered, the flaw results in an infinite loop which renders the computer useless.

Tyler Reguly, Lead Security Research Engineer with nCircle, explains “Exploitation of this vulnerability occurs when a user attempts to browse to Windows Share hosted on the malicious server. On Windows 7, the DoS (denial of service) will occur as soon as you type ‘\\\’ in the search box. ” The vulnerability actually impacts both Windows 7 and Windows Server 2008 R2.

While the threat is very much real, experts say that the chances of the bug being exploited are quite low:

There are currently a couple different proof-of-concept exploits circulating, but there are no reported attacks in the wild at this point. Because the flaw only enables an attacker to crash the system, and doesn’t provide any unauthorized remote access that could lead to compromising information or performing other malicious activities, the odds of the exploit being actively used by attackers is fairly slim.

So what are Windows 7 users supposed to do now? Currently, Microsoft has not yet released a patch to deal with the threat. I suppose the only sensible thing to do is to be more careful with regard to visiting web sites, especially if you are unsure of its legitimacy.

Photo courtesy of Megaleecher

The evolution of the internet has given us the Web 2.0 which is a more open form of the previous internet. The traditional internet had people and companies make their own web sites on their own computers or servers, with anybody else just logging in and getting (actually it’s more of reading) the stuff that you need and leave without getting a chance to tell the site’s owner if the information was either very helpful or a complete waste of time. Net 2.0 has allowed the opening up of borders between the said linked computers allowing people to become more interactive in their use of the web. You search for an article on the web through a search engine and find yourself in a blogging site. The information you find is very much useless so you leave a comment telling the owner such. He then reads the post and makes the information on the blog more informative thus giving him feedback on the contents of the site. This was totally unheard of in the old internet days when, what you see was what you got (literally).

The social Net 2.0 has allowed users to influence the way the internet is setup along with the information it contains. Companies get instant feedback from users thus allowing them to improve customer services. The problem, exploits or another form of malicious code that is up to no good. Imagine a social web site like MySpace where you have a page that you share over the net with your pal’s. A hacker finds a hole in the security net and leaves a few short lines of code in the form of a hidden program. It then takes all information you send and receive or use, such as purchase information from internet-based companies. This exploit, turns your page or rather the information gathered from it into his personal atm machine, using the information he has leeched and goes on a shopping spree online. Sounds crazy? You figure it out. Google found almost half a million of such exploited sites out of only 4.5 million surveyed sites (which is only a fraction of the total computers linked on the internet).

You do the math….

Windows 7 Hit By Zero-Day Exploit

Another Bug hiding in the Thick – Exploits