I do wonder sometimes about Microsoft’s quality assurance. No, I tell a lie. I always wonder about Microsoft’s quality assurance. As in, “How can they keep making mistakes like this?” In the latest, a new SMB vulnerability has been found and exploited that can lock-up any Windows 7 or Server 2008 R2 system.
As reported in ComputerWorld, Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Gaffie claimed that his exploit crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. Or, as he puts in so well in the exploit’s code: “‘Most Secure Os Ever’ –> Remote Kernel in 2 mn. #FAIL,#FAIL,#FAIL”
He’s right. It is a major fail. I tested it on my machines and, as predicted, it locked my Windows 7 or Server 2008 R2 systems up so badly that my only choice was to pull the plug. This exploit does nothing, however, to older versions of Windows. It bounced off my Windows XP SP3 and Server 2003 and Server 2008 systems.