Microsoft downplays Windows vulnerability

Microsoft has downplayed a Windows vulnerability affecting all versions of the OS that could allow remote code execution.

Earlier this week, a proof of concept exploit was released but Microsoft suggested it was unlikely that the flaw could be used for remote code execution.

The bug was discovered on the BROWSER protocol, which runs on top of the Server Message Block (SMB) protocol on Windows.

"This vulnerability affects Windows machines that have been configured to (A) use the BROWSER network protocol and (B) that then become Master Browser on the local network," said Mark Wodrich, from the Microsoft Security Response Centre, in a blog post.

"The BROWSER protocol uses an election process to determine which system will act as the "master" in terms of data collection and response handling."

Wodrich said the vulnerability was more likely to affect server systems running as the Primary Domain Controller.

"Enterprise networks the Primary Domain Controller (PDC) will become Master Browser, but depending on the network configuration, other computers on the network can become Master Browser, and therefore be vulnerable," he explained.

Wodrich said remote code execution would be possible "if the corrupted memory is used by a thread running on another processor before the RtlCopyMemory triggers a bugcheck, and in a way that can be used to change code execution."

"We feel that triggering any such timing condition reliably will be very difficult," he added.

Wodrich said that businesses following best practices should block the BROWSER protocol at the edge of firewalls to limit attacks on the local network.