Windows 7 Vulnerable - Critical Kernel Flaw

Microsoft is patching Windows 7 even if the next iteration of the Windows operating system is still making its way from beta to release Candidate stage. The Redmond company acknowledged that a kernel vulnerability affects both the Windows 7 client and Windows Server 2008 R2. At this point in time, Microsoft only confirmed that the Windows Kernel Input Validation vulnerability – CVE-2009-0081 impacts the Beta Build 7000 of Windows 7. Along with the March 10, 2009 security bulletin releases, the software giant also made available the security updates designed to patch the kernel vulnerability in all editions of Windows 7 and Windows Server 2008 R2.

The Windows Kernel Input Validation vulnerability – CVE-2009-0081 is considered Critical because it allows for an attacker to perform remote code execution on a vulnerable system in the eventuality of a successful exploit. However, Microsoft informed that the vulnerability was privately reported, which diminishes the risk of exploits active in the wild. “Functioning exploit code unlikely,” Microsoft revealed in its Exploitability Index Assessment. “Consistent denial of service is more likely than reliable, functional code execution.”

Still, the “vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system,” the software giant added. That's right, Windows 7 Beta could be owned by nothing more than a malformed enhanced metafile graphics file or a Windows metafile file.

The vulnerability is related to the way in which the Windows 7 kernel improperly validates input from user mode filtered by the kernel component of Graphics Device Interface (GDI). Microsoft failed to indicate whether Windows 7 releases post Beta Build 7000, including the leaked Build 7022 and 7048 are also vulnerable. Below, you will be able to find the direct download links for both Windows 7 client Beta and Windows Server 2008 R2 Beta.

- Security Update for Windows 7 Beta (KB958690) – English
- Security Update for Windows 7 Beta for x64-based Systems (KB958690) - English

- Security Update for Windows Server 2008 R2 Beta x64 Edition (KB958690)
- Security Update for Windows Server 2008 R2 Beta for Itanium-based Systems (KB958690)