Zero-day bug discovered in Windows 7 and Windows Server 2008 R2 after Patch Tuesday

Less than 24 hours after Microsoft's Patch Tuesday; researcher Laurent Gaffie posted proof-of-concept code as well as information about “zero-day bug” affecting Windows 7 and Windows Server 2008 R2, Full Disclosure mailing list. Exploit takes advantage of implementation of SMB (Server Message Block). An attacker can use bug to remotely crash Windows 7 and R2 […]

Less than 24 hours after Microsoft's Patch Tuesday; researcher Laurent Gaffie posted proof-of-concept code as well as information about “zero-day bug” affecting Windows 7 and Windows Server 2008 R2, Full Disclosure mailing list. Exploit takes advantage of implementation of SMB (Server Message Block). An attacker can use bug to remotely crash Windows 7 and R2 on a LAN or via IE. Technical details here. "Microsoft is investigating new public claims of a possible denial-of-service vulnerability in Windows Server Message Block," spokesperson said. "We're currently unaware of any attacks trying to use claimed vulnerability or of customer impact. Once we're done investigating, we’ll take appropriate action to help protect customers. This may include providing a security update through monthly release, an out-of-cycle update or additional guidance to help customers protect themselves," said. While users await a patch, Gaffie advised users close SMB feature and ports.