Security advisory for Microsoft Windows 7 for vulnerability detected

Microsoft has issued a new security advisory for its Windows 7 operating system in respect of a possible denial of service vulnerability in the Server Messes Block (SMB) protocol. Microsoft has clarified that this vulnerability cannot be used to take control of or install any malicious software on the user’s system. While stating that it is aware of the fact that a detailed exploit code has been published for the said vulnerability, Microsoft has clarified that it is not aware of any active attacks using this exploit code or of any customer impact presently.

The company said that it is investigating into this matter and will take appropriate action on completion of this investigation, to help protect the users. It is likely to issue a security update in its monthly security update process or an out-of-cycle security update, depending upon the necessity. Since the next monthly security update is due only on December 8, the users will have to wait till that time.

However, it is reported that, currently, the above vulnerability only allows for freezing of the system, which then requires a manual reboot. This vulnerability does not allow for running commands or installing malware. So, in that sense, this vulnerability will not do much harm. As per the instructions issued in the above advisory, till the regular security update is issued by Microsoft depending upon requirements, the users can block TCP ports 139 and 445 at the firewall and this may help protect the users against any potential threat. However, it may be noted that blocking these ports entirely would also block the file and printing sharing in the computer’s own network and will also affect some other services. See, Microsoft’ security advisory for more details.

It is pertinent to point out that Windows 7 was released recently on October 22, 2009, and within a short period of one month only, it has already started showing vulnerabilities. Windows 7 was supposed to be a much better and secure operating system. So, does it mean that release of security updates will be the same routine affair as it was in the case of the earlier versions of Windows? What do you think?

• Free Microsoft Security Essentials software for protection from viruses and spyware
• Download 35 free themes for Windows 7 from Microsoft
• Free utility for security threats and updates on PC
• Download free Windows Live Mail for Windows 7 in place of Outlook Express & Windows Mail
• How to setup Windows XP mode in Windows 7
• How to enable or disable secure logon in Windows 7
• Old version WordPress blogs under security risk
• How to enable or disable Automatic Updates in Windows Vista
• How to make older programs run in Windows 7
• How to enable or disable Automatic Windows Updates in XP