Microsoft Has To Face Impact Of Windows 7 Zero-Day Flaw

Analysis: A security problem reportedly affecting a release candidate of Microsoft’s hotly anticipated Windows 7 may damage the OS’s launch

In what could be a major issue for Microsoft as it prepares for the release of Windows 7 next month, the company announced that it has found a bug that could let attackers hijack PCs running Windows Vista, Windows Server 2008 and Windows 7.

Security researchers found that the issue affects the Windows 7 Release Candidate (RC). However, the company was quick to assert that it has found that the bug won’t harm Windows 7 ready to manufacture (RTM) — the version on its way to store shelves.

“An attacker who successfully exploited this vulnerability could take complete control of an affected system,” a Microsoft advisory said. “Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart.”

Although it’s nice to hear that the Windows 7 versions that will be shipping to store shelves won’t be susceptible to this problem, it underscores a major issue that Microsoft might need to face going forward: security issues, no matter the type or potential harm, could severely impact Microsoft’s ability to attract consumers and especially the enterprise to the company’s new operating system.

At this point, a security issue that makes buyers think twice about Windows 7 could be a real hindrance to Microsoft as it tries to rebuild the standing of its operating system (OS) in the marketplace.

When Windows Vista was released, the enterprise and consumers had high hopes for the operating system. Microsoft promised that it would be the most secure operating system it had ever released. Some companies took the bait and immediately updated their hardware with Windows Vista.

In many cases though, those same companies found it to be a mistake. Windows Vista didn’t have the kind of security companies required. Almost immediately, outbreaks started occurring as Microsoft scrambled to patch them. Meanwhile, all those companies using Windows XP were delighted that they had opted to stick with Microsoft’s old OS. Over time, Vista’s security was improved. But the damage had already been done.

That damage still lingers in the minds of many IT managers and consumers. They’re not convinced that Microsoft’s new OS is really as secure as Microsoft claims. The software giant claims that Windows 7 will provide at least the same security as Windows Vista and that, over time, it will only get better. Companies and consumers, Microsoft contends, will not need to fear that Windows 7 will be less secure than its predecessors.

For a while, Microsoft likely had some of those people convinced. Security has barely even made its way into the discourse surrounding the operating system. Microsoft had made all the right moves. First, it allowed users to download Windows 7 to try it out for themselves.

Then, after announcing its intention to send it to store shelves, Microsoft made the smartest move of all: it allowed companies to download Windows 7 Enterprise edition to see for themselves why Windows 7 would work in their operation. But then the news broke this week that this security issue will impact Windows 7 computers.

The very fact that Windows 7 suffers from a security problem that can cause a “Blue Screen of Death” is enough to scare some potential users away. Those who believed that Windows 7 would be different from Windows Vista might have a reason to change their minds now. All they are likely to see is that a security problem has impacted Windows 7. It reminds them of Vista — and it might make them a little nervous.

But just how nervous is unknown. Certainly there will be some companies that see this for what it really is: a slight problem that a company jumping from Windows XP to Windows 7 won’t need to deal with. But others will be far less forgiving. Some companies were burned by Windows Vista. Their trust in Microsoft isn’t nearly as high as it could be. And any misstep, no matter the consequences to them, could have a damaging effect on Microsoft’s bottom line.

With just over one month to go before Windows 7 is released, Microsoft would like to cruise. It knows that it has fixed many of the mistakes it made with Vista’s launch. It understands that it needs to repair some broken relationships with vendors, the enterprise and consumers. And it realizes that Windows 7 is a key component in its future success.

So with a security outbreak affecting its users, it needs to mitigate the damage as quickly as possible. Most importantly, it needs to do a better job of reassuring companies and consumers that the Windows 7 they will use won’t be impacted by this outbreak.

Microsoft could see this issue as an opportunity. Instead of focusing on Windows XP virtualisation and an improved taskbar, the company can spend the next week or two talking about Windows 7 security. It can reassure users that Windows 7, when it’s released, will boast the kind of protection that they would expect. And, if and when a security outbreak does occur, Microsoft can reassure them that it will do everything it can to fix it before it gets out of hand.

Although Microsoft’s security woes are a real problem for the company as it tries to attract the sceptical shopper, they are not the end of the fight. It can turn the negative into a positive. It just needs to do it now.