Windows 7还没有正式发布,当然正式版已经有不少人用上了,安全研究人员 Laurent Gaffie 最近警告,Windows Vista和7已经可以被黑客入侵,漏洞出现在Server Message Block 2 (SMB2)驱动上.
Gaffie表示,SRV2.SYS无法持有一个畸形的SMB头,导致远程代码执行和拒绝服务,目前微软并没有针对此漏洞给出攻击方案.目前能导致Vista重启的攻击代码已经出现,但暂时对Windows 7无效.
报告:http://news.cnet.com/8301-1009_3-10346664-83.html
Windows 7, Vista zero-day flaw reported
by Tom Espiner Font size Print E-mail Share 102 comments Yahoo! BuzzMicrosoft said on Tuesday that it is investigating reports of a zero-day vulnerability affecting Windows 7 and Vista.
The flaw in Windows 7 could allow an attack which would cause a critical system error, or "blue screen of death," according to researcher Laurent Gaffie.
Gaffie wrote in his blog that the flaw lies in a Server Message Block 2 (SMB2) driver.
"SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality," wrote Gaffie in a blog post Monday.
Gaffie said he had contacted Microsoft. Comments on his blog by other users said that the flaw could lead not only to denial of service, but could also lead to remote code execution.
Microsoft said in a statement on Tuesday that it was investigating, but said it is "currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."
Computer security publication "The H" wrote on Tuesday that its German sister publication had tested the proof-of-concept code, and that while the exploit had caused a reboot on Vista, the exploit had not worked on Windows 7.
Metasploit creator HD Moore said in a tweet on Tuesday that an SMB bug appeared to have been introduced into Vista SP1. Coder Josh Goebel said in a blog post that he had added the exploit code to Metasploit.
Tom Espiner of ZDNet UK reported from London. CNET News' Ina Fried contributed to this report.
********************************************************
google自动翻译
视窗7,Vista中的零日缺陷报告
汤姆Espiner字体大小打印E - mail分享102评论雅虎BuzzMicrosoft周二表示,它正在调查的一个零日缺陷影响Windows 7和Vista的报告。
在Windows 7的缺陷能够使攻击将造成严重的系统错误,或“蓝屏死机”,据研究人员劳伦特加菲耶。
加菲耶在其博客中写道,这个安全漏洞在服务器消息块2(SMB2谎言)驱动程序。
“SRV2.SYS处理不畸形的谈判协议请求头的功能中小企业写道:”在博客中日加菲耶。
加菲耶他表示已联络微软。在他的博客的其他用户的评论说,这个安全漏洞可能导致不仅拒绝服务攻击,但也可能导致远程执行代码。
微软在上周二表示,正在调查声明,但表示,“目前任何试图利用声称漏洞或攻击,不知道客户的影响。”
计算机安全刊物“的H”,在星期二说,其德国姊妹刊物已测试的概念代码证明,虽然该漏洞已经引起了在Vista重新启动时,利用了不能在Windows 7工作。
Metasploit的创始人摩尔说,在周二鸣叫,一个SMB漏洞似乎已经在Vista SP1中引入。编码器乔希戈贝尔说,在博客中,他曾利用代码添加到Metasploit安全测试工具。
汤姆ZDNet英国Espiner从伦敦报道。 CNET新闻'CNET科技促成了这一报告。 |
|
发表于 2009-9-9 13:31