(November 13, 14 & 16, 2009)
Microsoft has issued a security advisory acknowledging a zero-day
vulnerability in Windows 7. The denial-of-service flaw was disclosed
by a researcher last week. Proof-of-concept exploit code for the Server
Message Block (SMB) flaw has been published on a blog. The code could
be used to render vulnerable systems unreliable or even cause them to
stop functioning. However, Microsoft maintains that the flaw could not
be exploited to take control of computers or install malware on
computers.
Users are advised to block Transmission Control Protocol (TCP) ports 139
and 445 to protect their computers until the fix is ready. The flaw
also affects Windows Server 2008 R2.
http://www.microsoft.com/technet/security/advisory/977544.mspx
http://www.h-online.com/security/news/item/Microsoft-investigates-vulnerability-in-Windows-7-and-Server-2008-R2-860137.html
ISC: http://isc.sans.org/diary.html?storyid=7597
http://news.cnet.com/8301-27080_3-10397759-245.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://www.computerworld.com/s/article/9140858/Microsoft_confirms_first_Windows_7_zero_day_bug?source=rss_security
http://www.washingtonpost.com/wp-dyn/content/article/2009/11/16/AR2009111602221.html