Doesn't affect Windows 7 or Server 2008 R2 RTMs, or older versions like 2000 and XP


Microsoft late Tuesday confirmed that a bug in Windows Vista, Windows Server 2008, and the release candidates of Windows 7 and Windows Server 2008 R2, could be used to hijack PCs.

The vulnerability in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, was first disclosed late Monday, when a researcher posted exploit code he claimed crashed Windows Vista and Windows 7 systems, causing the dreaded "Blue Screen of Death."

Later in the day, several researchers, including Tyler Reguly, a senior security engineer of nCircle Network Security, vouched that tests showed the attack code crashed machines running Vista, Server 2008 and the Windows 7 and Server 2008 R2 release candidates, but not the final, or RTM, versions of the latter two. Also on Tuesday, another researcher, Ruben Santamarta, said on the Bugtraq mailing list that the vulnerability was not only a denial-of-service flaw, but also allowed remote code execution, security-speak for a bug that could be used to jack a machine.

More: http://computerworld.com/s/article/9137739/