Third-party security researchers reported that they found a vulnerability in both Windows 7 and Windows Server 2008 Release 2. The said bug exists in the handling of Server Message Block (SMB) packets and can allow malicious users to remotely crash systems if a malformed packet is received by the target system. The crash does not lead to the infamous blue screen of death, however. It merely renders the system unresponsive. Older versions of Windows (e.g., Windows Vista) are not affected by this vulnerability.

Microsoft has not confirmed independent reports. A spokesman said the company was still investigating the issue. Enterprise users are protected by Trend Micro products such as Deep Security and Intrusion Defense Firewall. Trend Micro has issued a security advisory with some more technical details on this vulnerability.


Other users are advised to block the ports used by the SMB protocol and await the official Microsoft response.

Update as of 11:01 P.M. While Microsoft has not confirmed these reports as of this writing, we have verified that Windows 7 is vulnerable.

Update as of November 14, 6:20 A.M. Microsoft has released a security advisory for this vulnerability. Accordingly, the said vulnerability can’t be used to install malicious files and to take control of one’s system. Although the exploit code has been published already, Microsoft said that it hasn’t received any reports of known attacks in the wild. As a workaround, Microsoft advises users to block TCP ports 139 and 445 at the firewall.

Post from: TrendLabs | Malware Blog – by Trend Micro

New SMB Zero-Day Exploit?


Go to Source