Microsoft reported a zero-day flaw affecting Windows Vista and Windows Server 2008 on Tuesday. However, it said that the flaw doesn’t affect Windows 7, contrary to earlier reports.
The flaw due to vulnerabilities on Microsoft Server Message Block (SMB) implementations can be used for Remote Code Execution (RCE). Microsoft, however, denied any reported attacks on systems running on any of these operating systems.
According to Microsoft, the vulnerability could be used to take complete control of a system. it also added “Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart.”
Microsoft has said that it is investigating the issue and upon completion of the investigation appropriate measures will be taken. This may include a monthly patch update.
by the way, this Tuesday was the monthly patch release day of Microsoft. This months release includes five critical Windows updates addressing eight vulnerabilities.
The advisory issued by Microsoft on zero-day vulnerability can be found here.
