Security researchers believe that an unpatched flaw in the SMB (Server Message Block) 2 software that ships with Windows Vista and Windows Server 2008 could turn into a major headache.
showing how the bug could be leveraged to crash a Windows machine was posted Monday to the Full Disclosure mailing list by Laurent Gaffie.
But security experts believe that more serious attacks are possible.
Kostya Korchinsky, a senior security researcher with security-assessment software vendor Immunity, said the flaw could be exploited in a privilege-escalation attack. This type of attack is used once the attacker has already found a way to run software on the victim's machine. It gives the hacker a way of accessing system resources that would otherwise be prohibited.
A more dangerous "remote-code execution" attack "might be possible, but it would be a lot more difficult," Korchinsky said. With remote-code execution, the attacker is able to run unauthorized software on the victim's machine.