A vulnerability in Microsoft's implementation of the SMB2 protocol can be exploited via the net to crash or reboot Windows Vista. The root of the problem is an error in how the srv2.sys driver handles client requests when the header of the "Process Id High" field contains an ampersand. The attack does not require authentication; port 445 of the target system merely has to be accessible, which in the default Windows local network configuration, it usually is
Read more..
SMB2 hole in Vista allows remote reboot, Windows 7 not affected
