Ten year-old flaw hits Windows Vista

A Server Message Block flaw could allow remote code execution in Vista

Microsoft has admitted that Windows Vista is shipping with a bug that was first discovered in Windows machines in 1999.

The flaw was patched in Windows 2000 and XP, but was apparently long forgotten when Vista shipped.

All a hacker needs to do is send a deliberately malformed network negotiation request, which can force a Vista system into a page fault that triggers a stop error, or 'blue screen of death'. The attack affects 32-bit and 64-bit versions of the operating system.

The attack does not require authentication, but port 445 of the target system must be open, and is open by default in Windows.

Laurent Gaffié, who discovered the vulnerability, has contacted Microsoft, noting that the only solution he can think of is to turn off the Server Message Block (SMB) feature and close port 445.

Microsoft has issued a security advisory to cover the issue, and has registered its extreme displeasure at Gaffié for going public with the flaw.

The software giant said that it may provide a security update on the next Patch Tuesday, or an out-of-cycle patch once it is ready, adding that there are two workarounds for the flaw: disable SMB v2; or block TCP ports 139 and 445 at the firewall.

Computers are not as vulnerable as they were in 1999. In Vista, if the network profile is set to 'Public', the system is not affected by this vulnerability, since unsolicited inbound network packets are blocked by default.

Although Windows 7 and Windows Server 2008 R2 have similarities with Vista, Microsoft does not believe that they are affected by this vulnerability. However, Windows 7 RC is affected, but since this is not officially 'out there' it is allowed to be just as insecure as Vista, apparently.