Security Watch

Windows 7 Gets Its First Bug

Plus: hackers try to bypass Windows 7's WAT; Internet Explorer attack can hurt the kernel.

In an inauspicious beginning to the week, the first zero-day bug for Windows 7 has emerged.

The bug touches on Microsoft's Server Message Block (SMB) program -- specifically, SMBv1 and SMBv2 on Windows 7 and Windows Server 2008 R2. Microsoft has issued a security advisory describing workarounds, but says most users would be protected from attacks by blocking two ports at the firewall.

This isn't the first time SMB issues have popped up. In the last three months, there've been instances of exploits affecting the program through different attack vectors, with different implications.

This latest exploit is of the denial-of-service variety and, if effective, would deny a user or administrator entry, or change or delete access into the program.

Windows 7 Without WAT?
According to the blog My Digital Life, hackers have been trying to figure out how to bypass Windows Activation Technologies (WAT) in Windows 7.

WAT is the activation requirement for an installed Windows 7 system, conceived by Microsoft's anti-piracy team as a means to curtail rogue installations of the OS on unlicensed PCs.

Now, My Digital Life and other sites are reporting that so-called bypass commands such as "RemoveWAT" and "ChewWGA" are spreading on the Internet and could help users install Windows 7 without a product key.

Of course, the main drawback of such an installation -- other than it being illegal -- is that hackers can use corrupt instances of Windows 7 to build code across network bridges and also create a veil of anonymity.

Microsoft said as much in an e-mail statement, saying that such instances of Windows 7 could "contain malware." The software giant also claimed to be "aware of this workaround and [is] already working to address it."

The Kernel Is the Key
Security gadflies like Jason Miller of Shavlik Technologies and H.D. Moore, creator of the popular open source exploit clearinghouse Metasploit and now chief security officer of Rapid7, think proof-of-concept code may be in the works to attack the Windows kernel, the operative heart of the OS.

That's why experts are keeping their eyes on Embedded OpenType (EOT) fonts, the focal point of a recently patched critical vulnerability in this month's Patch Tuesday slate. Hackers can use EOT fonts on Internet Explorer pages, potentially tricking users into clicking on them and thus triggering exploit code.

Microsoft said in a security bulletin that "the most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font."

Conventional wisdom has hackers moving toward attacking applications, preferring to enter a network that way instead of through more sturdy OSes. But IE is an application that thinks and sometimes acts like an OS, and with the growth of browser-borne enterprise projects, an attack on IE can lead directly to the kernel.

In an e-mailed statement regarding last week's patch release, Shavlik's Miller said an exploit would hit the wild "sooner than later." And for his part, Rapid7's Moore said he was actually testing potential proofs-of-concept -- or, to use his words, "working on ways to test the critical flaw against the MS patch."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Dell Sells RSA Assets for $2 Billion

    Dell's RSA security solutions businesses, including the RSA Conference, were bought by a consortium of companies for about $2 billion, according to Tuesday announcements.

  • How To Get Started as a Windows Insider

    Microsoft's Windows Insider program is invaluable for IT pros who want to test drive new Windows 10 features before the update rolls out to their entire organization. If you haven't already signed up to be an Insider, here's how to do it.

  • Old Fashioned Mics

    Microsoft Preps for RSA Conference with Multiple Security Product Announcements

    Microsoft announced various enterprise security solution product milestones this week in advance of the forthcoming RSA Conference, which will start on Feb. 24.

  • Office App for Android and iOS Phones Now Commercially Released

    Microsoft on Wednesday announced the worldwide "general availability" of its new Office App for both Android and iOS phones.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.