Daemon News » Greentech » Microsoft patching zero-day Windows 7 SMB hole
11
15
Greentech : Microsoft patching zero-day Windows 7 SMB hole
 (Votes #: 0)

Microsoft on Friday said it is working on a fix for a vulnerability in the Server Message Block file-sharing protocol in Windows 7 and Windows Server 2008 Release 2 that could be used to remotely crash a computer.

The software giant had said on Wednesday that it was looking at the bug, discovered by researcher Laurent Gaffi?, who published proof-of-concept code on a blog.

'Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable. If exploited, this [denial-of-service] vulnerability would not allow an attacker to take control of, or install malware on, the customer's system but could cause the affected system to stop responding until manually restarted,' Dave Forstrom, group manager for public relations at Microsoft Trustworthy Computing, said in a statement. 'It is important to note that the default firewall settings on Windows 7 will help block attempts to exploit this issue.'

Microsoft is not aware of attacks to exploit the hole at this time, he said.

In an advisory, Microsoft criticized the way Gaffi? handled the discovery.

'Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk,' the advisory said. 'We continue to encourage responsible disclosure of vulnerabilities.'

The advisory suggests that customers block Transmission Control Protocol, or TCP, ports 139 and 445 at the firewall, as a workaround until a patch is ready.

Source: Microsoft patch...


tags: Microsoft, Windows 7, SMB, Elinor Mills, security, vulnerabilities, bugs


The dear visitor, you have come on a site as not registered user. We recommend to you to be registered or enter for a site under the name.

Related news:
Calendar of news Popular news Tags

Copyright © 2009
Daemon News - Software | Dating Service - BoonEx - Community Software