First Windows 7 zero-day bug confirmed by Microsoft
The first Windows 7 vulnerability has been confirmed by Microsoft – a denial of service vulnerability in the Server Message Block (SMB) protocol that cannot be used to take control of or install malicious software on a user’s system, but sends Windows 7 and Windows Server 2008 R2 into infinite loop and crashes it, so the user is left with no other choice other than to manually shut down and turn the computer on again to regain control of it.
According to Computer World, the vulnerability was discovered almost a week ago by a researcher that made the attack code available online on his blog and a security mailing list.
Microsoft announced that it is not yet sure if the vulnerability will be patched. Until it does, users are advised to block TCP ports 139 and 445 – not very helpful advice since doing so disables also browsers, network file-sharing and other services that are almost essential to everyday computer use.