Microsoft confirms first Windows 7 zero-day bug

Microsoft late has confirmed that an unpatched vulnerability exists in Windows 7, but is downplaying the problem, saying most users would be protected from attack by blocking two ports at the firewall.

In a security advisory, Microsoft acknowledged that a bug in SMB (Server Message Block), a Microsoft-made network file- and print-sharing protocol, could be used by attackers to cripple Windows 7 and Windows Server 2008 R2 machines.

The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday, when he revealed the bug and posted proof-of-concept attack code to the Full Disclosure security mailing list and his blog. According to Gaffie, exploiting the flaw crashes Windows 7 and Server 2008 R2 systems so thoroughly that the only recourse is to manually power off the computers.

Source

This entry was posted on Monday, November 16th, 2009 at 9:21 amand is filed under Exploits, Microsoft, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply