Unpatched Windows flaw sparks concern

September 10, 2009 // 2:02 p.m.

Tags: #0-day #smb #vulnerability #windows #windows-7 #windows-server-2008-r2 #windows-vista #zero-day

Companies: #microsoft

The news in Windows-land continues to worry, with Microsoft revealing an unpatched vulnerability in Windows which can lead to remote code execution.

As reported over on InfoWorld, Microsoft has confirmed reports that an as-yet unpatched security flaw in the latest version of the SMB (Server Message Block) networking subsystem on Windows Vista can lead to remote code execution.

It's not just Vista users who should worry, either: the company has admitted that Windows 7 and Windows Server 2008 suffer from the same flaw, which can be used to either remotely control an affected system or simply crash multiple boxes with ease.

If you were hoping to upgrade to Windows 7 for improved security, don't despair quite yet: tests carried out by nCircle's Tyler Reguly have shown that while the Windows 7 and Windows Server 2008 R2 release candidates are vulnerable, the Release To Manufacturing versions - which represent the code which will ship in the final release - are unaffected by the flaw.

Nevertheless, it's a pretty major issue. Coming as it does so soon after another unpatched vulnerability in Microsoft's IIS software started being actively attacked, it's going to be a bad time for Windows sysadmins.

So far Microsoft has not commented on the likelihood of an out-of-cycle patch - released outside its normal monthly Patch Tuesday schedule - for either bug, despite administrators worldwide clamouring for fixes.

Does this make you worry about the safety of your Windows box, or do you have faith that Microsoft will come right in the end? Share your thoughts over in the forums.