Windows Security Bug Revealed After Microsoft Patch Tuesday
A security researcher discovers a bug that could be used to trigger a crash in Windows 7 and Windows Server 2008 Release 2.Less than 24 hours after Microsoft's Patch Tuesday, a security researcher revealed a zero-day bug affecting Windows 7 and Windows Server 2008 Release 2. Researcher Laurent Gaffie posted proof-of-concept code as well as information about the flaw on his blog and the Full Disclosure mailing list Nov. 11. The exploit takes advantage of the implementation of SMB (Server Message Block). An attacker can use the bug to remotely crash Windows 7 and Windows Server 2008 R2 on a LAN or via Internet Explorer. Technical details can be found here.
A Microsoft spokesperson said the company is looking into the matter.