Saturday, February 19, 2011

New Windows zero-day surfaces as researcher releases attack code

A security researcher yesterday reported a new unpatched bug in Windows that some experts believe could be used to hijack a PC remotely.

Microsoft said it is investigating the flaw, but did not provide information about any analysis it has conducted so far.

"Microsoft is investigating public claims of a vulnerability in Windows SMB [Server Message Block]," said Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), in an e-mail Tuesday. "Once we're done studying, we will take appropriate measures to protect customers. This may include providing a security update through our monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves."

The researcher, identified only as "cupidon-3005," posted exploit code on Monday for the vulnerability, which is reportedly in the "BowserWriteErrorLogEntry()" function inside the Mrxsmb.sys driver. The driver processes requests for the Server Message Block protocol used by Windows for network communication.

SMB is primarily used to provide file and printer sharing for Windows machines.

According to the French company Vupen Security, which rated the bug as "critical", a successful exploit might "cause a denial of service or take complete control of a vulnerable system." The former would crash Windows and produce the infamous "Blue Screen of Death", which signals a serious breakdown of the operating system.

Danish vulnerability tracker Secunia, which classified the flaw as "moderately critical" (the middle threat level in its five-step system), said that hackers could exploit the bug to compromise a computer.

"Successful exploitation could allow arbitrary code execution," warned Secunia.

Secunia added that a buffer overflow could be triggered by sending an overly long Server Name string in a malformed Browser Election Request packet. In this context, "browser" does not mean a Web browser; it refers to other Windows components that access the OS' browser service.

Vupen confirmed that Windows XP Service Pack 3 (SP3) and Windows Server 2003 SP2 are vulnerable to attack, while Secunia reported that other versions of Windows may also be affected.

Cupidon-3005 taunted Microsoft in a message sent to the Full Disclosure security mailing list. "Sorry if this puts a downer on Valentine's day MSRC sausage fest," read the message.

Microsoft's next Patch Tuesday is scheduled for 8 March, but if the company keeps to its usual timeline, it is unlikely to release a fix by then unless a large number of in-the-wild attacks exploiting the vulnerability appear over the next three weeks.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.


For more enterprise computing news, visit Computerworld. Story copyright © 2010 Computerworld Inc. All rights reserved.
