Microsoft was hit with a pair of unwelcome security reports late this week.
The company released a fix for a vulnerability in Windows Server 2000 shortly before a security researcher posted details about a new flaw in Windows 7.
Researcher Laurent Gaffie said that the vulnerability could cause a denial of service, crashing the targeted machine by executing an infinite loop.
The flaw is said to exist in the server message block (SMB) component of Windows 7. Gaffie suggested that the vulnerability could be triggered through Internet Explorer and could allow an attacker to bypass firewall protections.
In reporting the details on the vulnerability, Gaffie took time to mock Microsoft's security policies, namely its secure development lifecycle (SDL) programme.
"This bug is a real proof that SDL #FAIL," the researcher wrote in a blog posting.
"The bug is so noob, it should have been spotted 2 years ago by the SDL if the SDL would have ever existed."
Disclosure of the flaw comes as Microsoft has issued a patch for another vulnerability in Windows Server 2000.
The company said that the vulnerability lay in the License Logging Service (LLS) in Windows 2000 and was given Microsoft's highest severity rating: 'critical'.
The company warned that, if exploited, the flaw could allow an attacker to remotely access a server through an anonymous network connection and trigger a memory error that may allow remote code execution on the targeted server.
The company said that Windows Server 2008 was not vulnerable to the flaw.