Microsoft Confirms Zero-day Flaw in Windows
Microsoft has confirmed that it is investigating a vulnerability reported in Windows Server 2008 R2 and Windows 7. An attacker could reportedly exploit the vulnerability remotely to crash computers.
The zero-day flaw was reported by Laurent Gaffie, a Canadian researcher, on November 11, 2009, when he disclosed the hole and published proof-of-concept (PoC) exploit code on his blog and on the Full Disclosure security mailing list, as reported by ComputerWorld on November 14, 2009.
The security flaw affects only Windows Server 2008 R2 and Windows 7 (32-bit and 64-bit versions); all earlier Windows versions are unaffected. Gaffie states that once the vulnerability is exploited, Windows Server 2008 R2 and Windows 7 systems could crash so badly that control over them could be regained only by physically shutting them down.
Notice of the flaw arrived one day after Microsoft had released its monthly security bulletin for November 2009, in which the software giant issued 6 patches for 15 flaws affecting various versions of Office and Windows.
After receiving the notice, Microsoft merely stated that it was looking into it. Two days later, on November 13, 2009, the company released a security advisory in which Dave Forstrom, a spokesman for Microsoft's security team, stated that Microsoft was aware of detailed, public PoC attack code that would make a computer non-functional and hence unreliable, as reported by ComputerWorld on November 14, 2009.
Forstrom added, however, that the company had no reports of attacks exploiting the flaw.
Furthermore, Microsoft cautioned that attacks via the flaw could target any browser, not only Internet Explorer. By persuading users to visit a malicious website or an already hijacked domain, attackers could serve them harmful URLs and then bring the computers down using malformed SMB messages.
Microsoft stated that it intended to fix the vulnerability, but did not specify a date or promise an out-of-cycle security patch. Instead, it advised users to close TCP ports 139 and 445 at the computer's firewall, although that would render Web browsers, along with many critical features such as IT group policies and network file-sharing, inoperable.
» SPAMfighter News - 24-11-2009