A security expert who goes by the name of "Cupidon-3005" has uploaded proof-of–concept code for an exploit that can blue screen all versions of Windows. The most vulnerable, according to Microsoft, are Windows Domain Controllers.
Not only can an attacker blue screen your machines, it also opens the machines up to remote code execution.
"The vulnerability is inside an error-reporting function of the CIFS browser service module. The function gets a variable number of arguments as parameters. Those string arguments are pushed on the stack for processing. In some cases, some of the strings can be controlled by the attacker," a TechNet blog explained.
Posted by Doug Barney on 02/23/2011 at 1:18 PM
Microsoft this week announced plans to shift the schedule for when it releases its optional nonsecurity patch previews for Windows systems.
The Microsoft Loop App for collaboration across Microsoft 365 applications is now available as a public preview, Microsoft announced on Wednesday.
Microsoft on Tuesday announced a preview of the artificial intelligence (AI)-generated Bing Image Creator in the Microsoft Edge browser, along with new Stories and Knowledge Card 2.0 Bing search capabilities.
Microsoft on Tuesday announced a preview of OpenAI's GPT-4 artificial intelligence (AI) model for users of the Azure OpenAI service.
Organizations using Windows Server Update Services (WSUS) or Configuration Manager will be getting a 10GB download next week that will kick off Microsoft's Windows 11 version 22H2 Unified Update Platform (UUP) servicing scheme for those premises-based management tools, Microsoft warned on Monday.
More Tech Library