Friday, November 20, 2009

Windows 7 zero-day bug

In this computer-savvy world, piracy is on the rise. Whenever a new technology arrives, you can easily find a pirated version of it available at very low cost, and sometimes for free.

Before the release of the Windows 7 Release Candidate (RC), a pirated version was made available in the market and on various BitTorrent sites such as Mininova.org. These websites clearly highlighted a warning about the potential risk to users' computers.

The warning was aimed at users who were downloading the new RC builds of Windows 7. It was posted by Frank Fontaine on the Neowin.net discussion boards.
Various downloads carried a trojan in the setup EXE. The setup EXE is just a container that appears to be a self-extracting executable file. It contained Setup.exe and codec.exe.
These executable files were meant to carry trojans and other malware that may harm your computer.

It is highly recommended not to use the leaked downloads and to use genuine copies instead to keep your computer healthy and working.

Recently, Microsoft confirmed that an unpatched vulnerability exists in Windows 7 but downplayed the problem, saying that by blocking two ports at the firewall, most Windows 7 users would be protected from attack.

Microsoft acknowledged in a security advisory that a bug in Server Message Block (SMB), a Microsoft-made network file- and print-sharing protocol, could be used by attackers to disable Windows 7 systems.

Canadian researcher Laurent Gaffie first reported the zero-day vulnerability when he disclosed the bug and posted proof-of-concept attack code to the Full Disclosure security mailing list and his blog. According to Gaffie, exploiting the defect crashes Windows 7 computers so badly that the only way to recover is to power off the computer manually.
At that time, Microsoft said only that it was investigating Gaffie's reports.

Then, on 13th November, Microsoft took the next step and issued the advisory. Dave Forstrom, a spokesman for Microsoft's security group, said in an e-mail that the company is aware of the detailed exploit code that would cause a Windows 7 computer to stop working. He added that the company is unaware of attacks attempting to exploit the reported vulnerability at this time.
Forstrom echoed Gaffie's comments that while an exploit could disable a PC, the vulnerability could not be used by hackers to install malicious code on a Windows 7 computer.

Forstrom confirmed that both SMBv1 and its successor, SMBv2, contain the bug, but that Windows 2000, Windows 2003, Windows XP, Windows Vista and Windows Server 2008 are not affected.
The company has also warned that attacks could be aimed at Internet Explorer and any other browser as well. Hackers could feed users a specially crafted uniform resource identifier (URI) and then disable their PCs with malformed SMB packets after tricking them into visiting a malicious web site.

Gaffie's vulnerability is the first zero-day in Windows 7 to be reported and confirmed by Microsoft since the new operating system was launched on Oct. 22.
