A Windows Server zero-day security vulnerability has been released into the wild after Microsoft failed to issue a patch, despite having been warned of the problem three months ago.
According to US CERT, the vulnerability is "a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system".
It continues: "Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure.
"By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys. We have confirmed the crash with fully-patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2."
US CERT recommends blocking outbound SMB connections - TCP ports 139 and 445 along with UDP ports 137 and 138 - from the local network to the wide area network.
Despite the publication of the proof-of-concept code last week, Microsoft still hasn't issued a patch, or revealed when a patch will be ready.
In response to suggestions that it was irresponsible to publicise the security flaw and to publish the exploit, Gaffie suggested that the responsibility lies with Microsoft.
"If I'm not rewarded in any way for the free work I'm doing for this multi-billion company, why should I tolerate them sitting on my bugs?" he said.
Buyers can demand refunds if they've had a game for no more than 14 days and not registered more than two hours of play
Total lunar eclipse 2019: 'Super Blood Wolf Moon' to be visible across Europe and North America on Sunday night
Moon will turn reddish-orange in colour during this weekend's total lunar eclipse
Hackers to compete for prize money of between $35,000 and $250,000 cracking the Tesla Model 3 at this year's Pwn2Own contest
Supermassive black holes can suddenly 'switch on' to devour large amounts of gases in their surroundings
Scientists are unsure what causes this dramatic increase in black holes' mass