Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Microsoft Security Advisory 977544 Released

13 Nov 2009   #1
SGT Oddball

 
Microsoft Security Advisory 977544 Released

Quote:
Today we released Security Advisory 977544 to provide information, including customer guidance, on a publicly reported Denial-of-Service (DoS) vulnerability affecting Server Messaging Block (SMB) Protocol. This vulnerability, in SMBv1 and SMBv2, affects Windows 7 and Windows Server 2008 R2. Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003 and Windows 2000 are not affected.



I want to be clear that this is a DoS vulnerability that is unrelated to Microsoft Security Bulletin MS09-050 which addressed a remote code execution vulnerability in the SMBv2 protocol. This vulnerability would not allow an attacker to take control or install malware on a user’s system, but could cause the affected system to stop responding until manually restarted.



We are actively monitoring this situation to keep customers informed and will provide additional guidance as necessary. While we are not currently aware of active attacks, we continue to recommend customers review the mitigations and workarounds detailed in the Security Advisory to protect themselves as we work to develop a comprehensive security update.



As always, we are working with our Microsoft Active Protections Program (MAPP) partners to help provide broader protections for customers and as we become aware of new information, we’ll provide additional updates as appropriate through the Security Advisory and the MSRC blog.



As always, we continue to encourage the responsible disclosure of vulnerabilities to help ensure customers receive high-quality security updates without exposure to malicious attacks.



Thanks,



Mike Reavey



*This posting is provided "AS IS" with no warranties, and confers no rights*

More...


My System SpecsSystem Spec
.

14 Nov 2009   #2
Teerex

Windows 7 x64 Ultimate SP1
 
 

This is the way this story went, as far as I could see the flow of events:

Laurent G. discovered this error in SMB (this protocol seems to be an inexhaustible bag of bugs) and reported it to MS. They responded that their intentions with respect to the timetable is to patch this with a Service Pack.

This seems to have set him off, because he thought his bug is kinda serious and his very proud of himself finding it and he and his bug deserve some better treatment. So he published the exploit code.

He got his way, because MS now has to patch this soon, maybe even with an out-of-band update, not because of us Windows 7 users but because it affects Server 2008 R2, and that is serious.
My System SpecsSystem Spec
Reply

 Microsoft Security Advisory 977544 Released




Thread Tools





Similar help and support threads
Thread Forum
Microsoft Security Advisory 2458511 Released
Microsoft released Security Advisory 2458511 which relates to a vulnerability in Internet Explorer that could allow remote code execution. The vulnerability does not affect IE9 Beta but the other versions of IE are affected. As indicated in the MSRC Blog, the impact of this vulnerability is ...
News
Fix it Released for Security Advisory 2286198
Microsoft updated Microsoft Security Advisory 2286198 to provide an automated "Fix It" solution to implement the workaround provided in the original Security Advisory release. The Fix it disables .LNK and .PIF file functionality automatically on a computer that is running Windows XP, ...
News
Microsoft Security Advisory 977981 Released
More...
News
Microsoft Security Advisory 975497 Released
More...
News
Microsoft Security Advisory 975191 Released
More...
News
Microsoft Security Advisory 973472 Released
More...
News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:32.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App