Microsoft probing Windows 7 zero-day security hole
Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer. The company is investigating claims of a “possible denial-of-service vulnerability in Windows Server Message Block (SMB),” the Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.
The bug triggers an infinite loop on the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent Gaffi wrote in a posting on the Full-Disclosure mailing list and on a blog. “Whatever your firewall is set to, you can get remotely smashed via IE or even via some broadcasting NBNS [NetBIOS Naming Service] tricks,” Gaffi wrote.
Comments are closed.