Windows 7 Zero Day Flaw: Microsoft Weighs In
Less than a day after its last Patch Tuesday release, Microsoft was forced to admit the existence of a Windows 7 zero-day bug affecting the Server Message Block (SMB) protocol used for sharing files and printers. It's serious, too: according to reports, the vulnerability could allow a hacker to remotely crash Windows 7 (or, alternatively, a Windows Server 2008 R2 system).
We first reported on this issue last week, but at the time the Redmond-based software giant had yet to weigh in. Microsoft has since responded by releasing an advisory that describes in closer detail exactly what Windows 7 users need to know about the flaw. For one, the company says it cannot be employed to actually take control of a PC from a remote location, making it impossible for a hacker to exploit it in order to upload malware or a virus. Instead, it can only be used to crash a system, which on the surface sounds far less serious, and it is. However, in the right (or wrong) hands the vulnerability could be used to virtually paralyze a high-priority target like a government office or major corporate entity.
MS "not currently aware of active attacks"
Thankfully, it doesn't seem any of these worst-case scenarios have emerged. "Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time," Microsoft announced in its advisory. (Source: crn.com)
In order to solve the issue, Microsoft is working closely with partners in the Microsoft Active Protections Program, or MAPP. Emphasizing the fact that it is "actively monitoring" the issue, Microsoft could have a fix ready for December's Patch Tuesday update. Some speculate that it could come sooner in the form of an emergency patch release, and that's entirely possible given Microsoft's interest in seeing Windows 7 continue to be well received by consumers and critics alike.
Microsoft Rips Security Researcher
One thing's for certain: Microsoft isn't happy about how this issue first made headlines. Rather than immediately report the flaw to Microsoft, security researcher Laurent Gaffie instead published it on the Full Disclosure mailing list, making it public.
"We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests," Microsoft sniped in its advisory. "This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed."
This is the second time Gaffie has found a flaw of this kind. Back in September, he discovered a similar vulnerability that Microsoft eventually narrowed down to just Vista and Windows Server 2008, fixing the problem in an October Patch Tuesday release. (Source: arstechnica.com)