Microsoft has confirmed a serious security issue affecting Windows 7 Release Candidate (RC) -- the version that was made available to the public prior to the full release of Windows 7. The problem also currently affects Windows Vista and Server 2008, but not Windows XP or Server 2008 R2.

The issue involves the Server Message Block (SMB) system which is a part of Windows itself and is used for sharing files over a network. A bug in the system means anyone could take advantage of the exploit and use SMB to gain remote access to (and take control of) a remote computer.

Temporary Solution: Block or Disable SMB

Microsoft has issued an advisory to customers showing how to temporary block the problem until a permanent solution is issued via a security update. One solution is for users with a customizable firewall to block ports 139 and 445. This should stop any attacks -- but will also cause problems with some network tools.

Another option is to disable SMB completely. Doing so is a complicated process involving editing the registry, and thus should not be attempted unless you are confident about doing so. Microsoft's guide to the process, thankfully, provides plenty of detail. (Source: microsoft.com)

Announcement Made Just After Patch Tuesday

The SMB exploit was announced just hours after this Tuesday's scheduled monthly security update, meaning that if a fix is ready soon the firm could have to choose between issuing an emergency patch or holding off the update for several weeks.

Exploit Could Affect Consumer Confidence

The fact that the problem affects the Release Candidate of Windows 7 is perhaps a public relations nightmare for Microsoft. Though final retail edition of Windows 7 (due October 22nd) does not suffer the SMB exploit, some consumers will be wary of the bad news, nonetheless. (Source: eweek.com)