Windows 7, Vista Zero-Day Brings BSoD

[exfileme]

An exploit in the SRV2.SYS driver can allow an attacker to remotely crash a PC with Windows 7 or Windows Vista.

Windows 7, Vista Zero-Day Brings BSoD : Read more

 

[vladtepes]

BSODs are to Windows as the spinning beach ball of death is to Mac OSX

 

[NightLight]

Someone should invent a BSOD vista gadget
Mine would be stuck on "0"!

 

[theLaminator]

I'm still waiting to get a BSOD on my cell phone running Win Mobile, I'd quite possibly laugh my ass off. Though I'd be quite pissed if I lost data

 

[sot010174]

Sorry, but even the pentagon can be hacked, so why Windows would be more secure? I don't see the point in trying to spoil win7 launch party...

 

[BallistaMan]

@vladtepes: Actually, Macs have kernal panics as well - basically a black screen saying "Your computer has crashed" and no useful data (well duh it crashed ). My dad's Macbook Pro gets one of those every month or two at least.

 

[vladtepes]

[citation][nom]BallistaMan[/nom]@vladtepes: Actually, Macs have kernal panics as well - basically a black screen saying "Your computer has crashed" and no useful data (well duh it crashed ). My dad's Macbook Pro gets one of those every month or two at least.[/citation]

Yes I know about that, but the "beachball of death" is much funnier than "kernel panic"

 

[dingumf]

Sweet, has this been patched yet?

No? OH SHI-

 

[aspireonelover]

[citation][nom]vladtepes[/nom]BSODs are to Windows as the spinning beach ball of death is to Mac OSX[/citation]
actually
BSODs are to Windows as the Kernel Panic is to Mac OSX

 

[geoffs]

[citation][nom]BallistaMan[/nom]@vladtepes: Actually, Macs have kernal panics as well - basically a black screen saying "Your computer has crashed" and no useful data (well duh it crashed ). My dad's Macbook Pro gets one of those every month or two at least.[/citation]Sounds like a hardware problem or an incompatible extension (.kext).

My MBP has only given that message 1-2x in 24 months, and I've only seen the spinning beachball a few times. My MBP is rarely rebooted, I usually just put it to sleep.

 

[IzzyCraft]

not bug Feature

 

[False_Dmitry_II]

It's not like you can steal stuff from the computers. It would just be an annoyance, cause then you hit the power button, and continue. You could possibly lose stuff that you were working on but that's about it. I'm sure we'll see a hotfix in the near future.

If it was in vista too, how come it took this long to find?

 

[jhansonxi]

The fact that it also affects Vista proves that Microsoft is serious about backwards compatibility.

 

[JohnnyLucky]

Time to shut port 455. Years ago we used to shut down ports that were not necessary for operation. The idea was to prevent security problems.

 

[CircusMusic]

The test had no affect on the Windows 7 machine.

confirmed to work on windows 7 64bit (crashed it three times about 20 minutes ago...)

 

[rooket]

Does this exploit work over LAN or WAN? Doesn't matter to me at all if it is LAN only. Nice article but for those of us who aren't geniuses kind of looks like something that is a non issue.

 

[matt87_50]

if only you could have 3rd party SMB for windows. sadly they seemed to want to monopolies this.

 

[geoffs]

[citation][nom]JohnnyLucky[/nom]Time to shut port 455. Years ago we used to shut down ports that were not necessary for operation. The idea was to prevent security problems.[/citation]That's but one of many reasons I recommend a separate firewall/router for all users. That router should block all traffic on Windows/CIFS/SMB ports, there is no viable reason to have those accessible on the Internet. That doesn't eliminate the problem, but it localizes it to your LAN, thus minimizing the exposure. If your LAN is as dangerous as the Internet, you've got bigger issues.

If you need to connect into work, use a VPN and those ports/protocols can run over the VPN.

 

[CircusMusic]

[citation][nom]rooket[/nom]Does this exploit work over LAN or WAN? Doesn't matter to me at all if it is LAN only. Nice article but for those of us who aren't geniuses kind of looks like something that is a non issue.[/citation]
I think most ISPs block traffic on this port because of all the issues it brings... like file shares over the internet (I had fun with that lol). Most routers should be blocking it as well but that doesn't mean your safe. plug directly into the internet with an ISP that doesn't block traffic on that port and your vulnerable.

It's a very real concern for any user. for example: piss of someone in an online chat or something and they could DoS your computer. a simple loop in the python script and as long as your computer is connected to the internet you wouldn't be able to use it (would normal users think to unhook the internet when they get a BSOD? not unless they take it in to be "fixed" = $$$ free cash for the tech)

Just because this implementation of the exploit causes BSODs doesn't mean it's the only thing the bug could do.. maybe there's an opening for getting arbitrary code to execute?

 

[Guest]

Bring Back C:\con\con!!!!!!

 

[hemelskonijn]

rooket:

If it works over lan it will work over wan since wan is like a huge lan working on the same principles.
However in the best/worse case scenario a lan exploit needs some tweaking in order to become effective over wan.

 

[firefoxx04]

what he meant by that was... if you got someone hacking you using your lan... you might wanna check the guy next to you.. or someone that shouldn't be using your lan is...

 

[alikum]

Has it ever occurred to you guys that Apple could be paying these guys off to have a crack at Windows? Well, just a thought.

 

[randomizer]

[citation][nom]aspireonelover[/nom]actuallyBSODs are to Windows as the Kernel Panic is to Mac OSX[/citation]
Yes, this is not the hour glass of doom or the spinning Blue Ring of Death, which would be equivalent of the beach ball.

[citation][nom]IzzyCraft[/nom]not bug Feature[/citation]
It wouldn't surprise me if they said that. Remember the Win 7 UAC exploit? :lol:

[citation][nom]alikum[/nom]Has it ever occurred to you guys that Apple could be paying these guys off to have a crack at Windows? Well, just a thought.[/citation]
Well it makes finding bugs easier for Microsoft so in the end it's probably benefiting everyone except Apple.

 

[Ciuy]

big friking deal, stop hyping on nonsense.

useless article ment for weak ppl. Now all go buy most expensive anti-virus.