[ISN] Microsoft probing Windows 7 zero-day hole

From: InfoSec News <alerts_at_private>
Date: Thu, 12 Nov 2009 00:19:38 -0600 (CST)
http://news.cnet.com/8301-27080_3-10395891-245.html

By Elinor Mills
InSecurity Complex
CNet News
November 11, 2009 

Microsoft said on Wednesday it is looking into a report of a 
vulnerability in Windows 7 and Server 2008 Release 2 that could be used 
by an attacker to remotely crash the computer.

The company is investigating claims of a "possible denial-of-service 
vulnerability in Windows Server Message Block (SMB)," the Microsoft 
spokesperson said, adding that the company was unaware of any attacks 
trying to exploit the hole.

The bug triggers an infinite loop on the Server Message Block (SMB) 
protocol used for sharing files in Windows, researcher Laurent Gaffi 
wrote in a posting on the Full-Disclosure mailing list and on a blog.

"Whatever your firewall is set to, you can get remotely smashed via IE 
or even via some broadcasting NBNS [NetBIOS Naming Service] tricks," 
Gaffi wrote.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Wed Nov 11 2009 - 22:19:38 PST

This archive was generated by hypermail 2.2.0 : Wed Nov 11 2009 - 22:24:18 PST