Jump to content

Zero-day Windows Vista and Windows 7 Exploit Found

AWS
 Share

Recommended Posts

  • FPCH Admin
AWS Newbie

AWS

Posted
  • FPCH Admin
Posted

Microsoft is looking into a zero-day vulnerability today, which reportedly affects systems running Windows Vista and 7. Researcher Laurent Gaffie said that a hacker could exploit the flaw on Windows 7 to cause a critical system error. The flaw lies in a Server Message Block 2 (SMB2) driver.

 

Gaffie said in a blog post yesterday, "SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality." People who have commented on his blog post are reporting that the exploit can not only lead to denial of service, but also remote code execution.

 

Gaffie has contacted Microsoft, and it has since responded by saying that it is investigating the issue but that it is "unaware of any attacks trying to use the claimed vulnerability or of customer impact." The H has successfully tested the proof-of-concept code, which caused a reboot on Vista -- but did not work on Windows 7.

 

Source: TechSpot

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...