Tuesday, September 08, 2009

Windows 7 allows remote blue-screen attacks | Electronista:

Windows 7 when it ships next month will be vulnerable to an attack that hasn't been possible since 1999, a new vulnerability found by a security researcher shows. Sending a deliberately malformed network negotiation request can force a Windows 7 system into a page fault that triggers a "blue screen of death" error, even without the user's help in launching the code. The attack affects both 32-bit and 64-bit versions of the OS.

The flaw stems from the rewritten network stack inherited from Vista, which itself has also been discovered as vulnerable to the attack. Although Microsoft had patched the exploits out of Windows 2000 and XP, the complete overhaul is now thought to reintroduce a problem that hasn't existed since earlier Windows releases.