Server 2008 posts - Security

November 11, 2009 5:29 PM PST

Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.

The company is investigating claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," the Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.

The bug triggers an infinite loop on the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent Gaffié wrote in a posting on the Full-Disclosure mailing list and on a blog.

"Whatever your firewall is set to, you can get remotely smashed via IE or even via some broadcasting NBNS [NetBIOS Naming Service] tricks," Gaffié wrote.

Gaffié also posted proof-of-concept code for the "Windows 7, Server 2008R2 Remote Kernel Crash."

On Tuesday, Microsoft issued six patches to fix 15 vulnerabilities, including a critical hole in the Windows kernel, as part of November's Patch Tuesday.

Originally posted at InSecurity Complex

Topics:: Vulnerabilities and attacks

Tags:: Microsoft,; zero-day,; Windows 7,; Server 2008

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

See all Windows 7 coverage.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

Most Discussed

Inside CNET News

Scroll Left Scroll Right

Deep Tech
Long-awaited Bibble 5 raw photo editor arrives
Bibble 5 Pro is out, bringing higher performance and a higher price to the raw-photo editing and cataloging software. Also new: selective editing.
Gallery
NASA trains WISE eye on the sky (photos)
Technically Incorrect
Aha! It's the iGuide, not iSlate--maybe
In the latest rumor about the name of the new Apple tablet, the name iGuide surfaces as a possibility. Could this really be it?
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Deep-sea volcanic explosion--part 2 (video)
Digital Media
Online holiday sales hit $27 billion
E-commerce sales grow 5 percent for the holiday season, reaching $27 billion compared with $25.8 billion last year, says new ComScore report.
Video
Deep-sea volcanic explosion--part 1 (video)
Deep Tech
'Don't-be-evil' Google spurns no-evil software
One open-source software programmer's joke--'The Software shall be used for Good, not Evil'--is a serious matter at Google.
The Space Shot
Soyuz craft docks, boosts space station crew
A Russian Soyuz spacecraft docked with the International Space Station Tuesday after a smooth, automated approach, boosting the lab's crew back up to five.
Gallery
A real-world test of Google Goggles visual search (photos)
2010 CES
Tivit streams Mobile DTV to your iPhone, BlackBerry, and PC
The Tivit lets your smartphone or PC access Mobile DTV programming via Wi-Fi.
Green Tech
Smart-grid spending to hit $200 billion by 2015
Technologies to automate and upgrade the grid will capture most of the $200 billion invested in modernizing electrical power systems, says Pike Research.