The vulnerability, tagged as CVE-2011-0654, has been rated "critical" and confirmed on Windows Server 2003 SP2 and Microsoft Windows XP SP3.
The flaw was originally discovered by a researcher known as Cupidon-3005, who prefaced his notification to seclists.org with the sly comment: "Apologies if this puts a downer on the MSRC Valentine's Day sausage fest."
The vulnerability has been analysed by researchers at VUPEN Security S.A. in Montpellier, France, who say the problem is caused by a heap overflow error in the "BrowserWriteErrorLogEntry()" function within the Windows NT SMB Minirdr "mrxsmb.sys" driver when processing malformed Browser Election requests.
VUPEN Security, headquartered in France, said remote unauthenticated attackers or local unprivileged users could exploit the flaw by sending malformed Browser Election requests, which would cause the heap overflow within the mrxsmb.sys driver. This would allow them to crash an affected system or execute arbitrary code with elevated privileges.
With no patch currently available, VUPEN recommends that those affected block or filter UDP and TCP ports 138, 139 and 445.
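One way to check that the recommended filtering is actually in effect, as an added example that is not part of the original article: the script scans a Windows Firewall text log for traffic to ports 138, 139 and 445 that was passed from outside a trusted subnet. The sample log (with an abridged field list), the subnet `192.0.2.0/24`, the set of "passed" actions and the function name `unfiltered_hits` are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the advisory's workaround: UDP and TCP 138, 139 and 445.
FILTERED_PORTS = {138, 139, 445}
# Assumption: log actions that mean the traffic was let through.
PASSED_ACTIONS = {"ALLOW", "OPEN"}

# Constructed sample in the Windows Firewall text-log layout (abridged field
# list, documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size info
2011-02-15 09:01:12 DROP UDP 198.51.100.7 192.0.2.20 138 138 229 -
2011-02-15 09:01:40 ALLOW UDP 203.0.113.9 192.0.2.20 138 138 229 -
2011-02-15 09:02:03 ALLOW TCP 192.0.2.31 192.0.2.20 49152 445 48 -
2011-02-15 09:02:10 OPEN TCP 203.0.113.9 192.0.2.20 1045 139 - -
2011-02-15 09:03:55 ALLOW TCP 203.0.113.9 192.0.2.20 1046 80 48 -
2011-02-15 09:04:00 INFO-EVENTS-LOST - - - - - - 3
"""

def unfiltered_hits(log_text, trusted_net):
    """Return (src_ip, protocol, dst_port) for passed packets to the filtered
    ports whose source lies outside trusted_net (hypothetical trusted subnet)."""
    trusted = ipaddress.ip_network(trusted_net)
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("action") not in PASSED_ACTIONS:
            continue
        if row.get("protocol") not in ("TCP", "UDP"):
            continue
        try:
            port = int(row["dst-port"])
            src = ipaddress.ip_address(row["src-ip"])
        except (KeyError, ValueError):
            continue  # malformed row or placeholder values such as "-"
        if port in FILTERED_PORTS and src not in trusted:
            hits.append((str(src), row["protocol"], port))
    return hits

if __name__ == "__main__":
    for hit in unfiltered_hits(SAMPLE_LOG, "192.0.2.0/24"):
        print("not filtered:", *hit)
```

Any row it reports means the block or filter on these ports is not being applied to that source.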