Microsoft Windows Zero-Day Fault Not Liable To Be Exploited

Microsoft has said that the recently discovered Windows zero-day flaw was unlikely to be able to be exploited remotely.

The flaw, which was discovered by an unknown researcher simply named 'Cupidon-3005', is related to a Server Message Block (SMB) vulnerability in the CIFS (Common Internet File System) browser service module, eWeek reports.

Microsoft Malware Protection Center Vulnerability Response Team member Matt Oh explained that the vulnerability was in an error-reporting service found in the Common Internet File System.

The company, along with the researcher who discovered the flaw, agree that the vulnerability was not capable of being exploited remotely by a hacker.

Jerry Bryant of the Microsoft Trustworthy Computing Group said, “based on our initial investigation this vulnerability cannot be leveraged for remote code execution (RCE) on 32-bit platforms. We are still investigating the possibility of code execution on 64-bit platforms, but so far have not found a likely scenario that would result in reliable code execution.”

Bryant added, "Nearly 4GB of consecutive address space would need to be mapped to achieve code execution on 32-bit systems, or 8GB on 64-bit systems, therefore, we believe that this vulnerability is unlikely to result in code execution and more likely in the real world to be leveraged for denial of service only."