1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Researcher Finds Denial Of Service Vulnerability In Window 7

Discussion in 'Security Updates' started by snoopy, Oct 18, 2012.

  1. snoopy

    snoopy Registered Members

    Joined:
    Aug 1, 2010
    Messages:
    1,671
    Location:
    At my computer
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    custom built -
    A few weeks ago I had a blue screen with similar text on it when I started up my computer … I could not proceed until I did a reboot after which there was no issue. I am currently using Windows XP. I am very meticulous about keeping my computer updated, scanned frequently, and general cleanup. This blue screen came as a surprise. I did scan my compute later with Eset & Avast Pro & Malwarebytes Pro .. nothing malicious was found. :)
    ……………………………………………………………………………………………………………….
    Researcher Finds Denial of Service Vulnerability in Window 7
    A complete proof-of-concept code has been published
    by Eduard Kovacs - on October 17th, 13:41 UTC

    [attachment=1273:Researcher Finds Denial of Service Vulnerability in Window 7 - Softpedia_1350538068565.png]

    A researcher that goes by the name of Max claims to have identified a denial-of-service (DOS) vulnerability that affects fully updated versions of Windows 7 and possibly even Windows Vista. He reveals that a blue screen of death (BSOD) can be triggered by making a “very specific set of operating system calls.”

    Although he hasn’t been able to determine if the security hole can be used by an attacker to execute arbitrary code, he confirms that it could be utilized to corrupt kernel memory and cause a DOS state. To demonstrate his findings, he published the complete code (written in C) needed to trigger the bug.

    Max has been unable to determine what causes the crash, but he believes that it might be “some kind of race condition involving some local procedure calls. “

    “I can't say whether or not this bug could be engineered to bring about execution of arbitrary code. That determination needs to be made by a Windows system
    programmer. Hopefully somebody at Microsoft will conduct a deeper analysis and fix this problem,” he wrote next to the proof-of-concept.

    I will attempt to contact Microsoft representatives to see if they can tell us whether the vulnerability can be used to execute arbitrary code.

    http:/ ews.softpedi...Window-7-2.jpg/
     
    snoopy, Oct 18, 2012
    #1

Share This Page