
Microsoft Warns On Windows 7 Zero Day

By Kevin McLaughlin, CRN
November 16, 2009    6:27 PM ET

Microsoft has released an advisory for a zero-day bug that cropped up in Windows 7 the day after last week's November Patch Tuesday release.

The vulnerability lies in the Server Message Block (SMB) protocol, which is used for file and printer sharing, and can reportedly be used by attackers to remotely crash any Windows 7 or Windows Server 2008 R2 system.

In the advisory, Microsoft says the vulnerability can't be used to take control of affected PCs or to install malware, which limits its potential impact. However, Microsoft also acknowledges that detailed exploit code has already been published for the vulnerability.

"Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time," according to the advisory.

Microsoft is "actively monitoring" the vulnerability with the help of partners in its Microsoft Active Protections Program (MAPP), and may decide to fix the issue in next month's Patch Tuesday update or through a rare out-of-band patch, the company said in the advisory.

In the advisory, Microsoft also chides unnamed parties for not following the principles of responsible disclosure. Last week, security researcher Laurent Gaffie published a proof of concept for the flaw on the Full Disclosure mailing list.

"We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests," according to the advisory. "This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed."

Last week, Microsoft's MS09-065 bulletin addressed a vulnerability in the Windows kernel pertaining to the processing of Embedded OpenType fonts. This serious remote code execution vulnerability, which attackers could exploit by setting up a maliciously crafted Web site, was exacerbated by the fact that the party that reported it to Microsoft also disclosed it to the public.
