Microsoft will likely wait until February 14 to fix a publicly disclosed vulnerability in the SMB network file sharing protocol that can be exploited to crash Windows computers.
The vulnerability was disclosed Thursday when the security researcher who found it posted a proof-of-concept exploit for it on GitHub. There was concern initially that the flaw might also allow for arbitrary code execution and not just denial-of-service, which would have made it critical.
The CERT Coordination Center (CERT/CC) at Carnegie Mellon University at first mentioned arbitrary code execution as a possibility in an advisory released Thursday. However, the organization has since removed that wording from the document and downgraded the flaw’s severity score from 10 (critical) to 7.8 (high).
Attackers can exploit the vulnerability by tricking Windows systems to connect to malicious SMB servers that send specially crafted responses.
