Zero-Day in Windows 8, 10: Check your system

United States Computer Emergency Readiness (US-CERT) published a new zero-day that affects Microsoft's operating systems , 10 and Server.

US-CERT states:

Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which could allow a remote attacker to, without control s to cause a denial of service or potentially execute arbitrary code on a vulnerable system.Zero-Day

Attackers using this Zero-Day can cause denial of service (DoS) attacks against Windows versions containing the bug. So vulnerable devices can connect to malicious SMBs. US-CERT reports that there is a possibility that vulnerability can also be exploited to perform arbitrary code with Windows Core privileges.

The vulnerability description reports additional information:

Windows fails to handle traffic correctly from a malicious server. In particular, Windows does not correctly handle a server response that contains too many bytes following the structure specified by the SMB2 TREE_CONNECT Response. By connecting to a malicious SMB server, the vulnerable Windows system may display the BSOD (Blue Screen of Death) error with Mrxsmb20.sys. It is unclear at this point whether this vulnerability can be exploitable beyond a denial-of-service attack. We have confirmed crash with fully-repaired Windows 10 and Windows 8.1 client systems.

US-CERT has confirmed the vulnerability in fully patched Windows 8.1 and Windows 10 client systems. Bleeping Computer reports that security researcher PythonResponder claims that the vulnerability affects both Windows Server 2012 and 2016.

There is currently no official confirmation that Windows Servers are affected by the vulnerability.

US-CERT classifies vulnerability to the highest severity rating (10), and it is worth noting that Microsoft has not released any security updates yet.

US-CERT, on the other hand, recommends blocking all outgoing SMB connections on the TCP port 139 and 445, and UDP 137 and 138 from the local WAN network.

To find out if the of Windows you are using has any SMB connections, do the following:

  • In search, type Powershell, right-click the icon and open as administrator.
  • Confirm the UAC to appear
  • and run the Get-SmbConnection command.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.086 registrants.

20122016BSODclientcomputercrashdenial-of-ServiceI'm surememoryMicrosoftpowershellreadinessscreenserverserversserviceSMBstatesTCPtrafficUACUDPunitedwindowszero-daysecuritynetworkversioninformationattackby clicking hereclickteamAppliancessystemerror

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).