Attacks could be aimed at any browser, not just Internet Explorer (IE), Microsoft warned. After tricking users into visiting a malicious site or a previously-compromised domain, hackers could feed them specially-crafted URIs (uniform resource identifier), and then crash their PCs with malformed SMB packets.

Microsoft said it may patch the problem, but didn't spell out a timetable or commit to an out-of-cycle update before the next regularly-scheduled Patch Tuesday of Dec. 8. Instead, the company suggested users block TCP ports 139 and 445 at the firewall. Doing so, however, would disable browsers as well as a host of critical services, including network file-sharing and IT group policies.