
[News] [Rival] Microsoft Admits "Heap Corruption in Windows 7"

  • Subject: [News] [Rival] Microsoft Admits "Heap Corruption in Windows 7"
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Sun, 03 Jan 2010 22:01:10 +0000
  • Followup-to: comp.os.linux.advocacy
  • Newsgroups: comp.os.linux.advocacy
  • User-agent: KNode/4.3.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Russinovich: A possible cure for exploitable heap corruption in Windows 7

,----[ Quote ]
| The key to a huge plurality, if not a 
| majority, of exploits that have plagued 
| Microsoft Windows over the past two decades 
| has been tricking the system into executing 
| data as though it were code. A malicious 
| process can place data into its own heap -- 
| the pile of memory reserved for its use -- 
| that bears the pattern of executable 
| instructions. Then once that process 
| intentionally crashes, it can leave behind a 
| state where the data in that heap is pointed 
| to and then executed, usually without 
| privilege attached.
`----

http://www.betanews.com/article/Russinovich-A-possible-cure-for-exploitable-heap-corruption-in-Windows-7/1262199764

Windows 7 might get fixed 

http://www.theinquirer.net/inquirer/news/1567058/windows-fixed

Long-time Windows vulnerability might be fixed soon

http://www.mxlogic.com/securitynews/web-security/longtime-windows-vulnerability-might-be-fixed-soon382.cfm


Recent:

Is Microsoft Overhyping Security In Windows 7?

,----[ Quote ]
| Microsoft has been aggressively marketing
| the security improvements in Windows 7, but
| some security experts believe this strategy
| could leave the software giant open to some
| unpleasant repercussions.
`----

http://www.crn.com/security/221601336;jsessionid=1PUCNFDYQWQKVQE1GHPSKH4ATMY32JVN


Microsoft patching zero-day Windows 7 SMB hole

,----[ Quote ]
| Microsoft on Friday said it is working on a
| fix for a vulnerability in the Server
| Message Block file-sharing protocol in
| Windows 7 and Windows Server 2008 Release 2
| that could be used to remotely crash a
| computer.
`----

http://news.cnet.com/8301-1009_3-10397759-83.html


Microsoft acknowledges Windows 7 security threat

http://www.examiner.com/x-5258-Detroit-Technology-Examiner~y2009m11d12-Microsoft-acknowledges-Windows-7-security-threat


Microsoft confirms first Windows 7 zero-day bug

,----[ Quote ]
| The zero-day vulnerability was first
| reported by Canadian researcher Laurent
| Gaffie last Wednesday, when he revealed the
| bug and posted proof-of-concept attack code
| to the Full Disclosure security mailing list
| and his blog. According to Gaffie,
| exploiting the flaw crashes Windows 7 and
| Server 2008 R2 systems so thoroughly that
| the only recourse is to manually power off
| the computers.
`----

http://www.computerworld.com/s/article/9140858/Microsoft_confirms_first_Windows_7_zero_day_bug


Microsoft being a Onecare

,----[ Quote ]
| For starters, it uses an ActiveX control -
| Internet Explorer required in other words -
| that's annoyingly hard to install. You get
| warnings galore from Windows 7's UAC and IE
| about popups and do you really really really
| want to install something that has the
| potential to roger your system well and
| truly?
`----

http://www.geekzone.co.nz/juha/6933


Microsoft issues first Windows 7 patches

,----[ Quote ]
| Microsoft's massive security update last
| week included patches for nine Windows 7
| vulnerabilities, far fewer than were issued
| for Windows Vista and Windows XP.
`----

http://news.idg.no/cw/art.cfm?id=6C9A9B1E-1A64-6A71-CE31A080914EC95C


Windows 7 is 'insecure', warns F-Secure

,----[ Quote ]
| The new operating system's Windows Explorer file manager still misleads users
| about the true extension of a file, said Patrik Runald, chief research
| advisor at Helsinki-based F-Secure.
`----

http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?RSS&newsid=14648


Windows 7 Fail

,----[ Quote ]
| Windows 7 RC is out today.
|
| This is great news.
|
| Because surely by now they've fixed Windows Explorer.
|
| You see, in Windows NT, 2000, XP and Vista, Explorer used to Hide extensions
| for known file types. And virus writers used this "feature" to make people
| mistake executables for stuff such as document files.
|
| The trick was to rename VIRUS.EXE to VIRUS.TXT.EXE or VIRUS.JPG.EXE, and
| Windows would hide the .EXE part of the filename.
`----

http://www.f-secure.com/weblog/archives/00001675.html


Microsoft patches first critical bug in Windows 7 beta

,----[ Quote ]
| Microsoft Corp. patched the first critical vulnerability in Windows 7 Tuesday
| as it rolled out an update that fixes three flaws in the new operating
| system's kernel.
`----

http://www.itworld.com/windows/64099/microsoft-patches-first-critical-bug-windows-7-beta


Experts: Windows 7 at risk from legacy flaw

,----[ Quote ]
| For example, malicious code writers could name a 'virus.exe' file
| as 'virus.txt.exe' or 'virus.jpg.exe', he said. Windows Explorer would then
| hide the .exe part of the filename, meaning that the user would only
| see 'virus.txt' or 'virus.jpg'. Additionally, virus writers would change the
| icon displayed with the file in Windows Explorer so it looked like the icon
| of a text file or an image. Users might then click on the disguised file.
`----

http://news.zdnet.co.uk/security/0,1000000189,39648558,00.htm


Win7 can still be exploited by hackers

,----[ Quote ]
| "People typically look at the icon to know what the file is," Runald told
| ComputerWorldUK. "If it looks like a Word doc or a PDF file, there's an
| implicit trust in it, and users are more likely to click on those files, even
| if they are actually an executable."
`----

http://www.theinquirer.net/inquirer/news/1137041/win7-exploited-hackers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktBE6YACgkQU4xAY3RXLo6EuwCfc9v6PieiC6qNWRuZhJFR4bxg
bNsAnRM5fH8W2UG6e/w62wtuOjLSQZxY
=kRyy
-----END PGP SIGNATURE-----
