- Mar 6, 2017
- 1,790 (1.70/day)
- North East Ohio, USA
|System Name||My Super Computer|
|Processor||Intel Core i7 8700K|
|Motherboard||Gigabyte Z370 AORUS Ultra Gaming|
|Cooling||Corsair H55 AIO|
|Memory||2x8GB Crucial/Micron Ballistix Sport DDR4-2400|
|Video Card(s)||ASUS GeForce GTX1060 6GB|
|Storage||Samsung 970 EVO 500 GB NVMe SSD (System Drive), Samsung 860 EVO 500 GB SATA SSD (Game Drive)|
|Display(s)||HP 2311x and Acer G206HQL|
|Case||CoolerMaster MasterBox Lite 5 RGB|
|Audio Device(s)||On-Board Sound|
|Power Supply||EVGA Supernova 650 G3 Gold|
|Keyboard||Logitech Wave K350|
|Software||Windows 10 Pro 64-bit|
Unless, of course, a kernel vulnerability is found at the networking level where it takes no interaction from the user to be exploited.Sure, they've had a few problems, but nothing a solid firewall can't handle. Windows 7 will be no different.
Some of you may not be old enough to remember the dark old days of Windows 9x in which there was a TCP/IP stack vulnerability that could be triggered with a malformed packet which would cause the system to instantly crash. I remember because that vulnerability was weaponized into something that all you needed to do was get someone's IP, plug it in, press a button and the offending person was instantly knocked offline. It was the favorite tool of choice for those who were, shall we say, people with less than good sportsmanship in games at the time. If they were losing a game they'd use to tool to knock people offline and win by default.
Why am I saying this? Well, it's rather simple. A router may seem adequate unless of course you already know an open port into the system which if you know of one you can simply sneak a malformed packet in and strike without the user knowing. Now, this could be mitigated but would have to be mitigated at the router level before it even hits your Windows 7 system with the use of a full stateful packet inspection in which all packets that come in are analyzed for content and source. Unfortunately, most home routers don't do this; they're pretty much dumb devices that simply pass on whatever they're sent from the WAN side to the LAN side with the use of NAT. Incoming port 2354 is sent to the machine with an internal IP of 192.168.1.68 on the same port, there's no source check so if a bad guy were to be able to know exactly when to strike, they could sneak in a packet to that port and it would slip through and hit your internal system and the router would just be happy to pass it.
So with that being said, if a kernel vulnerability was found and the TCP/IP stack is at risk you could, in theory, be vulnerable no matter what you do if you continue to stay on Windows 7. All it would take is a malformed packet and then boom, BSOD hell.