Windows bug enables PC hijacking, Microsoft warns

Computerworld - Microsoft Corp. last week confirmed that a bug in Windows Vista, Windows Server 2008, and the release candidates of Windows 7 and Windows Server 2008 R2 could be used to hijack PCs.

The vulnerability in the Server Message Block (SMB) 2 network file- and print-sharing protocol that ships with those versions of the Windows operating system was first disclosed late last Monday, when a researcher posted exploit code.

The next day, Microsoft issued a security advisory confirming the bug and the fact that it could be used to "take complete control of an affected system."

Microsoft did note that the release to manufacturing, or RTM, editions of Windows 7 and Windows Server 2008 R2 are not affected, along with earlier versions of the operating system, including Windows 2000, XP and Server 2003.

However, the vulnerable release candidates have been widely distributed, with millions of users downloading Windows 7 RC when it was publicly available from early May through mid-August.

Microsoft recommended that users either disable SMB 2 by editing the Windows Registry -- a task too daunting for most consumers -- or block TCP Ports 139 and 445 at the firewall until a patch is available. However, the company acknowledged that blocking those ports would cripple several services and applications.

The Windows bug was disclosed the same day Microsoft delivered five critical updates that patched eight vulnerabilities in Windows, including one in the JavaScript engine that ships with every supported version of the operating system.

As expected, a patch for the recently revealed vulnerability in its Internet Information Services Web server wasn't ready in time for the monthly update.

This version of the story originally appeared in Computerworld's print edition.

Read more about Security in Computerworld's Security Topic Center.