Microsoft investigates vulnerability in Windows 7 and Server 2008 R2
As reported on the 12th of November, a flaw in the implementation of the SMB clients in Windows 7 and Windows Server 2008 R2 can be exploited to crash entire systems remotely. Microsoft has now released an advisory about the vulnerability. The vendor states that it is investigating public reports but doesn't directly concede that there is a threat. According to Microsoft, the vulnerability cannot be exploited to take control of a system or inject malicious code. The company didn't address the possibility of crippling systems remotely.
However, Microsoft does report that detailed exploit code for the vulnerability is in circulation. There is no indication of any active attacks that use this exploit code or of any customer impact at this time, said the advisory. Microsoft is reportedly monitoring the situation to keep customers informed and provide customer guidance as necessary. Microsoft also said that it is "actively" collaborating with its partners in the Microsoft Active Protections Program (MAPP) and that it intends to provide information that will allow its partner to provide "broader protections" to customers. Once the investigation is complete, Microsoft says it will take appropriate actions to help protect its customers. This could apparently involve a security update such as those released within the usual monthly update cycle.
The software vendor also complained that the vulnerability was not disclosed responsibly and said that this can put computer users at risk. According to the advisory, Microsoft believes that the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to provide customers with updates for security vulnerabilities without exposing them to malicious attackers while the update is being developed, said the vendor.