Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day Windows Security Flaw Can Crash Systems, Cause BSODs (helpnetsecurity.com)

Posted by BeauHD on from the counting-down-the-days dept.

Orome1 quotes a report from Help Net Security: A zero-day bug affecting Windows 10, 8.1, Windows Server 2012 and 2016 can be exploited to crash a vulnerable system and possibly even to compromise it. It is a memory corruption bug in the handling of SMB traffic that could be easily exploited by forcing a Windows system to connect to a malicious SMB share. Tricking a user to connect to such a server should be an easy feat if clever social engineering is employed. The vulnerability was discovered by a researcher that goes by PythonResponder on Twitter, and who published proof-of-exploit code for it on GitHub on Wednesday. The researcher says that he shared knowledge of the flaw with Microsoft, and claims that "they had a patch ready 3 months ago but decided to push it back." Supposedly, the patch will be released next Tuesday. The PoC exploit has been tested by SANS ISC CTO Johannes Ullrich, and works on a fully patched Windows 10. "To be vulnerable, a client needs to support SMBv3, which was introduced in Windows 8 for clients and Windows 2012 on servers," he noted, and added that "it isn't clear if this is exploitable beyond a denial of service." Until a patch is released, administrators can prevent it from being exploited by blocking outbound SMB connections (TCP ports 139 and 445, UDP ports 137 and 138) from the local network to the WAN, as advised by CERT/CC. "The tweet originally announcing this issue stated that Windows 2012 and 2016 is vulnerable," the researcher said. "I tested it with a fully patched Windows 10, and it got an immediate blue screen of death."

2 of 64 comments (clear)

  1. Yet another reason... by LVSlushdat · · Score: 2, Informative

    Yet another reason, if we really *need* another, to quit using MS products. I used/supported MS products for 20 years as a sysadmin, but when I retired in 2010, I decided I was done with Windows on my personal systems. I had been dualbooting Win7 and Linux, but once I made the decision, I simply deleted the Win7 partition, and reinstalled grub. After 6 years of zero MS, I've not missed it a bit.. In fact, I'm forced to use Windows in a part-time volunteer support position with a local charity, and I find that using Windows now, after being 100% Linux for going on 7 years, is very unnatural. After seeing all of the multiple forms of abuse MS heaps on those who still use Windows, I couldn't be happier with my decision...

    --
    THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
  2. Re:Stupid by Lord+Crc · · Score: 3, Informative

    SMB services should -never- ever be exposed to the internet, under any circumstances.

    If it's like the last SMB issue, then the issue is not that they send packets to an SMB server, but rather get the machine to connect (outbound) to a malicious SMB server, which replies with malicious packets.

    This can be done using standard phishing tricks.

    This is why one should block outbound SMB traffic as well.