Windows 7 zero-day reported

Posted by tracyanne on Sep 9, 2009 5:16 AM EDT
ZDNet; By Tom Espiner
Mail this story
Print this story

A security researcher has said there is a zero-day vulnerability affecting Windows 7 and Vista.

[And so it begins. - Tracyanne]

The flaw in Windows 7 could allow an attack which would cause a critical system error, or "Blue Screen of Death", according to researcher Laurent Gaffie.

Gaffie wrote in his blog that the flaw lies in a Server Message Block 2 (SMB2) driver.

"SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality," wrote Gaffie in a blog post on Monday.

Gaffie said he had contacted Microsoft. Comments on his blog by other users said that the flaw could lead not only to denial of service, but could also lead to remote code execution.

Full Story

  Nav
» Read more about: Story Type: News Story; Groups: Microsoft

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.