Microsoft last week issued an advisory warning that a bug discovered in Windows Vista, Windows Server 2008 and the release candidates of Windows 7 and Windows Server 2008 R2 could be used to hijack PCs. Microsoft Corp. last week confirmed that a bug in Windows Vista, Windows Server 2008, and the release candidates of Windows 7 and Windows Server 2008 R2 could be used to hijack PCs.The vulnerability in the Server Message Block (SMB) 2 network file- and print-sharing protocol that ships with those versions of the Windows operating system was first disclosed late last Monday, when a researcher posted exploit code.The next day, Microsoft issued a security advisory confirming the bug and the fact that it could be used to “take complete control of an affected system.”Microsoft did note that the release to manufacturing, or RTM, editions of Windows 7 and Windows Server 2008 R2 are not affected, along with earlier versions of the operating system, including Windows 2000, XP and Server 2003. However, the vulnerable release candidates have been widely distributed, with millions of users downloading Windows 7 RC when it was publicly available from early May through mid-August.Microsoft recommended that users either disable SMB 2 by editing the Windows Registry — a task too daunting for most consumers — or block TCP Ports 139 and 445 at the firewall until a patch is available. However, the company acknowledged that blocking those ports would cripple several services and applications. The Windows bug was disclosed the same day Microsoft delivered five critical updates that patched eight vulnerabilities in Windows, including one in the JavaScript engine that ships with every supported version of the operating system.As expected, a patch for the recently revealed vulnerability in its Internet Information Services Web server wasn’t ready in time for the monthly update.This version of the story originally appeared in Computerworld ‘s print edition. Related content news analysis Attackers breach US government agencies through ColdFusion flaw Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. By Lucian Constantin Dec 06, 2023 5 mins Advanced Persistent Threats Advanced Persistent Threats Advanced Persistent Threats news BSIMM 14 finds rapid growth in automated security technology Embrace of a "shift everywhere" philosophy is driving a demand for automated, event-driven software security testing. By John P. Mello Jr. Dec 06, 2023 4 mins Application Security Network Security news Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending. By Gagandeep Kaur Dec 06, 2023 4 mins IT Jobs Security Practices feature 20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities After two decades of regular and indispensable updates, it’s clear that security teams need take a more holistic approach to applying fixes far beyond the Microsoft ecosystem. By Susan Bradley Dec 06, 2023 6 mins Patch Management Software Threat and Vulnerability Management Windows Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe