Zero-Day Windows Security Flaw Could Crash Systems, Cause BSODs.
US-CERT confirms vulnerability in Windows SMB service

Microsoft’s Windows operating system is once again impacted by a zero-day security flaw that allows attackers to crash systems with denial of service that would then open them to more possible attacks, including execution of arbitrary code.

An advisory published earlier today reveals that the vulnerability resides in the SMB service, and the US CERT says that both Windows 8.1 and Windows 10 are exposed to attacks. There are reports claiming that Windows Server systems could also be affected, but there’s still no confirmation in this regard.


Windows 8.1 and Windows 10 both affected

The US security institute explains its security engineers have already managed to reproduce a successful denial of service attack on fully-patched Windows 10 and 8.1 computers, but running arbitrary code is an exploit that cannot be confirmed right now as working.

“Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys,” the advisory reads.

Exploit code that allows attackers to take advantage of this zero-day flaw has already been posted online, so users of the two aforementioned operating systems are exposed until a patch is provided.

While everyone’s waiting for Microsoft to step in and release an out-of-band patch to fix the security issues, the US CERT says that there’s no solution to make sure users are on the safe side, but instead provides a temporary fix that involves blocking outbound SMB connections (TCP ports 139 and 445 along with UDP ports 137 and 138) from the local network to the WAN.

We have reached out to Microsoft for a statement and more information on how users can be protected against exploits and will update the article when we receive an answer.

In the meantime, turning to US CERT’s recommendations seems to be the only good option, especially given that exploit code is already available online and can be used by any attacker until a patch is provided.

Source: http://news.softpedia.com/news/zero-day-...2557.shtml
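
One way to check that the workaround quoted above is actually in force, as an added example that is not part of the original post or the US-CERT advisory: it scans firewall flow records for LAN-to-WAN traffic on the listed SMB ports. The log format, the sample records and the RFC 1918 definition of "local network" are assumptions.

```python
import ipaddress

# Ports named in the US-CERT workaround quoted in the article.
SMB_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)}

# Assumption: the "local network" is the RFC 1918 space; adjust to your site.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow log, one record per line: src dst proto dport action
SAMPLE_LOG = """\
10.0.4.17 10.0.1.5 tcp 445 allow
10.0.4.17 203.0.113.50 tcp 445 allow
192.168.1.20 198.51.100.7 udp 137 allow
192.168.1.20 198.51.100.7 tcp 443 allow
10.0.4.22 203.0.113.50 tcp 139 deny
172.16.9.3 192.0.2.9 udp 138 allow
192.168.1.20 198.51.100.7 udp 445 allow
not a flow record
"""

def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)

def parse_flow(line):
    """Return (src, dst, proto, dport, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    src, dst, proto, dport, action = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return src, dst, proto.lower(), int(dport), action.lower()
    except ValueError:
        return None

def outbound_smb(log_text):
    """Split LAN-to-WAN flows on the SMB ports into (allowed, blocked)."""
    allowed, blocked = [], []
    for flow in filter(None, map(parse_flow, log_text.splitlines())):
        src, dst, proto, dport, action = flow
        if (proto, dport) in SMB_PORTS and is_lan(src) and not is_lan(dst):
            (blocked if action == "deny" else allowed).append(flow)
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = outbound_smb(SAMPLE_LOG)
    for flow in allowed:
        print("OUTBOUND SMB NOT BLOCKED:", *flow)
    print(len(blocked), "outbound SMB flow(s) blocked as intended")
```

Any record in the `allowed` list is a client that could still reach an SMB server outside the network, so the egress rule is missing or incomplete for that path.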