Windows 7 and Vista crash via SMB exploit

vista_dx10_bsod

[Laurent Gaffié] has discovered an exploit that affects Windows Vista, Windows 7, and possibly Windows Server 2008 (unconfirmed). This method attacks via the NEGOTIATE PROTOCOL REQUEST which is the first SMB query sent. The vulnerability is present only on Windows versions that include Server Message Block 2.0 and have the protocol enabled. A successful attack requires no local access to the machine and results in a Blue Screen of Death.

[Laurent] has a proof of concept available with his writeup in the form of a python script (please, white hat use only). There is no patch for this vulnerability but disabling the SMB protocol will protect your system until one is available.

Update: According to the Microsoft advisory this vulnerability could lead to code execution, making it a bit worse than we thought. On the bright side, they claim that the final version of Windows 7 is not open to this attack, only Windows Vista and Windows Server 2008.

[via Full Disclosure]

[picture: Inquirer]

Install Windows 7 on your netbook

windows7

No one will ever accuse us of being Windows fanboys; we’re certainly fans of netbooks though (or anything cheap enough that we don’t care if we accidentally burn a hole through it). We’ve heard from quite a few friends that Windows 7 is actually an excellent operating system to run on a netbook and is a dream compared to XP. Gizmodo has compiled a guide to getting the release candidate on your lightweight machine. It’s available now and will work for free for a year. The image is 2.36GB which you need to dd onto a USB device. They recommend at least an 8GB drive, but anything smaller than 16GB and you’ll have to use Window’s compact utility to save space. Other than these space considerations, the install appears to be easy. Let us know about your experiences using Windows 7 on your netbook.