Microsoft probing Windows 7 zero-day hole

One day after Patch Tuesday, researcher warns of unpatched security hole in Windows 7 and Server 2008.

Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.

The company is investigating claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," the Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.

The bug triggers an infinite loop on the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent Gaffié wrote in a posting on the Full-Disclosure mailing list and on a blog.

"Whatever your firewall is set to, you can get remotely smashed via IE or even via some broadcasting NBNS [NetBIOS Naming Service] tricks," Gaffié wrote.

Gaffié also posted proof-of-concept code for the "Windows 7, Server 2008R2 Remote Kernel Crash."

On Tuesday , Microsoft issued six patches to fix 15 vulnerabilities, including a critical hole in the Windows kernel, as part of November's Patch Tuesday.

Tags:
Security
About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

TechProbe Volunteers Wanted: Huawei Mate 7

Your chance to test drive and keep the Huawei Mate 7 phone

Tell us about the technology you're using right now, and how a smartphone could help you in your professional life.