Microsoft has confirmed that it is “investigating” reports of a possible denial of service vulnerability in the Windows Server Message Block (SMB) protocol. However, the company emphasized that the vulnerability could not be used to assume control of a machine or install malicious software.
“[We are] aware that detailed exploit code has been published for the vulnerability,” Microsoft explained in an official advisory. “[We are] not currently aware of active attacks that use this exploit code or of customer impact at this time. [Nevertheless, we are] actively monitoring this situation.”
MS added that it was working with its partners in the Active Protections Program (MAPP) to provide “broader protections” for Windows 7 users.
“Upon completion of this investigation, [we] will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update.”
??In addition, Microsoft voiced its discontent over the “irresponsible” manner in which the issue was first reported and noted that only the following systems are affected by the vulnerability:
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems