Microsoft: No Remote Code Execution For Windows Zero Day

a reported zero day vulnerability

"We have reproduced this vulnerability and have analyzed the resulting memory corruption condition. Based on our initial investigation this vulnerability cannot be leveraged for remote code execution on 32-bit platforms," Jerry Bryant, group manager of response communications in the Microsoft Security Response Center (MSRC), said in an e-mail to CRN late Wednesday.

Microsoft is still investigating the possibility of code execution on 64-bit platforms, but thus far hasn't found a probable scenario that would result in reliable code execution, Bryant said. "Nearly 4GB of consecutive address space would need to be mapped to achieve code execution on 32-bit systems, or 8GB on 64-bit systems. Therefore, we believe that this vulnerability is unlikely to result in code execution and more likely in the real world to be leveraged for denial of service only," said Bryant.

The vulnerability, reported earlier this week by researcher "Cupidon-3005," affects systems running Windows XP Service Pack 3 and Windows Server 2003 Standard Edition SP2, according to French security research firm Vupen, which assigned its highest threat rating of "critical" to the flaw. Vupen also said the vulnerability could be exploited by remote unauthenticated attackers or local unprivileged users to crash an affected system or execute arbitrary code with elevated privileges.

The SMB protocol handles file and print services for Windows clients and servers on corporate networks, and it can be a problematic protocol because it has many connections to the Windows OS and offers a very broad attack surface. But remote exploits are unlikely for organizations that have set up their firewalls to block Windows File Sharing, according to Andrew Plato, president of Beaverton, Ore.-based Anitian Enterprise Security.