Windows 7 Reintroduces An Unwelcome Feature

Those who remember the glory days of computing, with Windows in the 1990s, might also remember a neat little trick that could be played on someone else from afar: bringing the dreaded Blue Screen of Death to them remotely. Quite a prank, but most did not appreciate the favor (or the ostensible humor).

from Slashdot

David Gerard writes “Remember the good old days of the 1990s, when you could teardrop attack any Windows user who’d annoyed you and bluescreen them? Microsoft reintroduces this popular feature in Windows 7, courtesy the rewritten TCP/IP and SMB2 stacks. Well done, guys! Another one for the Windows 7 Drinking Game.”

and from ZDNet

Exploit code for a remote reboot flaw in Microsoft’s implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95. The demo code, published on the Full Disclosure mailing list, allows an attacker to remotely crash any Windows 7 or Windows Vista machine with SMB enabled. No user action is required. From the advisory:

SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to an SMB server, and it’s used to identify the SMB dialect that will be used for further communication.

The researcher who discovered the issue said Windows 2000 and Windows XP are not affected because they do not have the vulnerable driver. The exploit has been added to the Metasploit point-and-click attack tool. Metasploit’s HD Moore believes the bug was introduced with Windows Vista SP1. The folks at The H Online got the exploit to fire on Windows Vista but could not replicate the issue on Windows 7. In the absence of a patch from Microsoft, they suggest closing the SMB ports by un-ticking the boxes for file and printer access in the firewall settings.
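The advisory's description of the NEGOTIATE PROTOCOL REQUEST can be made concrete with a strict parser of the kind a monitoring tool or a robust server would use: it refuses any request whose declared lengths disagree with the bytes present, and reports whether the client is asking for an SMB 2 dialect. This is an added example, not code from the advisory or from ZDNet; it assumes the publicly documented SMB1 layout (4-byte transport header, 32-byte SMB header, dialect list), and the function names and the sample frame are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
HEADER_LEN = 32  # fixed size of the SMB1 header


def parse_negotiate(frame):
    """Return the dialects offered; raise ValueError on any inconsistency."""
    # 4-byte transport header: type 0x00, then a 24-bit big-endian length.
    if len(frame) < 4 or frame[0] != 0x00:
        raise ValueError("bad transport header")
    smb = frame[4:]
    if int.from_bytes(frame[1:4], "big") != len(smb):
        raise ValueError("transport length does not match payload")
    if len(smb) < HEADER_LEN + 3:
        raise ValueError("truncated SMB message")
    if smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMB1 NEGOTIATE request")
    if smb[HEADER_LEN] != 0:  # WordCount: this request has no parameter words
        raise ValueError("unexpected parameter words")
    (byte_count,) = struct.unpack_from("<H", smb, HEADER_LEN + 1)
    data = smb[HEADER_LEN + 3:]
    if byte_count != len(data) or not data:
        raise ValueError("byte count does not match dialect data")
    dialects, pos = [], 0
    while pos < len(data):
        # Each entry is a 0x02 marker followed by a NUL-terminated string.
        end = data.find(b"\x00", pos + 1)
        if data[pos] != 0x02 or end == -1:
            raise ValueError("malformed dialect entry")
        dialects.append(data[pos + 1:end].decode("ascii"))
        pos = end + 1
    return dialects


def offers_smb2(dialects):
    """True when the client asks to move the session to an SMB 2 dialect."""
    return any(d.startswith("SMB 2") for d in dialects)


def build_sample(dialects):
    """Construct a well-formed sample request (constructed test data)."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    smb = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(HEADER_LEN - 5)
    smb += b"\x00" + struct.pack("<H", len(data)) + data
    return b"\x00" + len(smb).to_bytes(3, "big") + smb
```

On a host where the SMB ports have been closed as suggested above, no such request reaches the server at all, which is why the firewall change works as a stopgap.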

Yet another fun thing to have added to all the other things that Microsoft apparently forgot to fix, and yet no one in the press reported. Is it possible that all of the ‘in-depth’ reports we have been getting on Windows 7 are much more cursory than we might suspect?

I find it truly amazing that, during all the extensive beta test cycle, with what seemed like a myriad of leaked revisions, not one review I read (and believe me, I read more than a few) reported this behavior. You would think that when getting hold of a new piece of software from a company that has, with a previous version, or versions, had problems that could easily be replicated, the very first thing you’d do, when flogging, is try all the old stuff, to see what breaks. (I know that is precisely what I do, as many companies forget, and the same old bad habits creep back in to the same places.) That is supposed to be what version control, and learning from past mistakes, is all about.

Oh, well, get out the list!
