“Microsoft late on Friday confirmed that an unpatched vulnerability exists in Windows 7, but downplayed the problem, saying most users would be protected from attack by blocking two ports on their firewall,” Gregg Keizer reports for Computerworld.
“In a security advisory, Microsoft acknowledged that a bug in SMB (Server Message Block), a Microsoft-made network file and print-sharing protocol, could be used by attackers to cripple Windows 7 and Windows Server 2008 R2 machines,” Keizer reports. “The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday, when he revealed the bug and posted proof-of-concept attack code to the Full Disclosure security mailing list and his blog. According to Gaffie, exploiting the flaw crashes Windows 7 and Server 2008 R2 systems so thoroughly that the only recourse is to manually power off the computers.”
Keizer reports, “Attacks could be aimed at any browser, not just Internet Explorer (IE), Microsoft warned. After tricking users into visiting a malicious site or a previously-compromised domain, hackers could feed them specially-crafted URIs (uniform resource identifier), and then crash their PCs with malformed SMB packets.”
Keizer reports, “Microsoft said it may patch the problem, but didn’t spell out a timetable or commit to an out-of-cycle update before the next regularly-scheduled Patch Tuesday of Dec. 8. Instead, the company suggested users block TCP ports 139 and 445 at the firewall. Doing so, however, would disable browsers as well as a host of critical services, including network file-sharing and IT group policies.”
MacDailyNews Take: Oh, that’s convenient. Who needs to browse the Web with their PC, anyway? Just wait until December 8th. Good thing you “saved” $69 on that shitastic Dell laptop instead of getting that Apple MacBook you really wanted, huh, Lauren? Lauren? Oh, Laaauuuren?
Full article here.
Direct link via YouTube here.