Microsoft confirmed to Cnet News that it is looking into a report of a vulnerability in Windows 7 and Server 2008 R2 that could be used by a malicious attacker to remotely crash PCs.
The software giant is looking into claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," a Microsoft spokesperson confirmed. Security researcher Laurent Graffie published proof of concept code in a blog posting proclaiming "This bug is a real proof that SDL #FAIL". Laurent also added "the bug is so noob, it should have been spotted 2 years ago by the SDL if the SDL had ever existed."
The flaw kicks off an endless loop on the Server Message Block (SMB) protocol used for sharing files in Windows. The vulnerability report came a day after Microsoft"s patch Tuesday for November. The software company released six patches to fix 15 vulnerabilities across different versions of Windows and Office.
Thanks to Jonathan Yaniv for the news tip