A security bug in the latest version of FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher said Monday. The exploit was discovered and exploited by Nikolaos Rangos also known as Kingcope.
This was disclosed in the Full Disclosure Mailing List him. Shortly after this disclosure, other researchers said they were able to confirm the bug.
The bug resides in FreeBSD’s run-time link editor. A binary run by an unprivileged user can be executed with administrative privileges in a restricted environment.
A security advisory containing a “not fully developed” patch for this has been posted in FreeBSD mail Archive.
You can see it here.
So the first Zero day a.k.a. 0day vulnerability for windows 7. The details of this exploit were posted on the Full Disclosure mailing list.
The newly found bug was discovered by Laurent Gaffie. You can view the Details and POC here.
It is caused by a flaw in the Server Message Block (SMB) protocol that forms the backbone of Windows file sharing. When triggered, the flaw results in an infinite loop that renders the computer useless, or at least more useless than it was before when Windows was still running.
And till now Microsoft don’t have any patches for this. The author recommends Closing the SMB feature and ports, until a real audit is provided. The vulnerability hits Windows 7 and Windows Server 2008 R2.
Since this exploit is just for crashing the system, you don’t have to panic about losing sensitive data. And for the same reasons black-hat hackers won’t be much interested in this exploit.
The odd thing is, this exploit has been spotted just a day after the operating system was declared risk free in Microsoft’s monthly security bulletin. 
Update:Microsoft Issues SMB Vulnerability Advisory for Windows 7 – Read it Here.
