New Windows zero-day surfaces as researcher releases attack code

A security researcher yesterday disclosed a new unpatched bug in Windows that some experts believe could be used to remotely hijack a PC.

Microsoft said it is investigating the flaw, but provided no information on any analysis it's conducted thus far.

"Microsoft is investigating public claims of a possible vulnerability in Windows SMB [Server Message Block]," said Jerry Bryant, a group manager with the MSRC (Microsoft Security Response Center), on Tuesday. "Once we're done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves."

:story: Full story: InfoWorld