Microsoft said on Tuesday that it is investigating reports of a zero-day vulnerability affecting Windows 7 and Vista.
The flaw in Windows 7 could allow an attack which would cause a critical system error, or "blue screen of death," according to researcher Laurent Gaffie.
Gaffie wrote in his blog that the flaw lies in a Server Message Block 2 (SMB2) driver.
"SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality," wrote Gaffie in a blog post Monday.
Gaffie said he had contacted Microsoft. Comments on his blog by other users said … Read more