Zero-Day in Windows 8, 10: Check your system


The United States Computer Emergency Readiness Team (US-CERT) has disclosed a new zero-day vulnerability affecting Microsoft Windows 8, Windows 10 and Windows Server.

US-CERT states:

Microsoft Windows contains a memory corruption bug in its handling of SMB traffic, which can allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system.

Attackers using this zero-day can launch denial-of-service (DoS) attacks against versions of Windows that contain the bug. The attack works when a vulnerable device connects to a malicious SMB server. US-CERT states that there is a possibility that the vulnerability could be exploited to execute arbitrary code with Windows kernel privileges.

The vulnerability description gives additional information:

Windows fails to properly handle traffic from a malicious server. In particular, Windows does not properly handle a server response that contains too many bytes following the structure defined by the SMB2 TREE_CONNECT Response. By connecting to a malicious SMB server, a vulnerable Windows system can display the BSOD (Blue Screen of Death) with an Mrxsmb20.sys error. It is not clear at this point whether this vulnerability can be exploited beyond a denial-of-service attack. We have confirmed the crash with fully patched Windows 10 and Windows 8.1 client systems.

US-CERT confirmed the vulnerability on fully patched Windows 8.1 and Windows 10 client systems. The website Bleeping Computer reports that security researcher PythonResponder claims that the vulnerability also affects Windows Server 2012 and 2016.

There is currently no official confirmation that Windows Server versions are affected by the vulnerability.

US-CERT gives the vulnerability the highest severity score (10), and it is worth noting that Microsoft has not yet released a security update.

In the meantime, US-CERT recommends blocking all outgoing SMB connections on TCP ports 139 and 445 and UDP ports 137 and 138 from the local network to the WAN.

To find out whether your Windows system has any open SMB connections, do the following:

  • In the search box, type PowerShell, right-click the icon and open it as an administrator.
  • Confirm the UAC prompt that appears.
  • Run the Get-SmbConnection command.
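
The check above can be extended to show which SMB connections leave the local network. This is an added example, not part of the original article or of US-CERT's advisory; the function names Test-InternalAddress, Get-SmbConnectionAudit and Add-OutboundSmbBlock are hypothetical, and the host firewall rules are an assumed host-level complement to the perimeter block US-CERT recommends.

```powershell
# Added example: run in an elevated PowerShell session (Windows 8 / Server 2012 or later).

# True for loopback, link-local and private (RFC 1918 / IPv6 unique-local) addresses.
function Test-InternalAddress {
    param([Parameter(Mandatory)][System.Net.IPAddress]$Address)
    if ([System.Net.IPAddress]::IsLoopback($Address)) { return $true }
    $b = $Address.GetAddressBytes()
    if ($Address.AddressFamily -eq 'InterNetworkV6') {
        return $Address.IsIPv6LinkLocal -or (($b[0] -band 0xFE) -eq 0xFC)
    }
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 169 -and $b[1] -eq 254)
}

# Lists current SMB client connections and marks servers outside the local network.
function Get-SmbConnectionAudit {
    foreach ($conn in Get-SmbConnection) {
        $addresses = @()
        try { $addresses = @([System.Net.Dns]::GetHostAddresses($conn.ServerName)) } catch { }
        $external = @($addresses | Where-Object { -not (Test-InternalAddress $_) })
        [pscustomobject]@{
            ServerName = $conn.ServerName
            ShareName  = $conn.ShareName
            Dialect    = $conn.Dialect
            Addresses  = $addresses -join ', '
            Resolved   = $addresses.Count -gt 0   # unresolved names need a manual look
            External   = $external.Count -gt 0    # SMB session to a non-local server
        }
    }
}

# Assumption: host-level rules mirroring the ports US-CERT lists, applied only
# to Internet addresses so that internal file shares keep working.
function Add-OutboundSmbBlock {
    New-NetFirewallRule -DisplayName 'Block outbound SMB to Internet (TCP)' `
        -Direction Outbound -Action Block -Protocol TCP `
        -RemotePort 139,445 -RemoteAddress Internet
    New-NetFirewallRule -DisplayName 'Block outbound SMB to Internet (UDP)' `
        -Direction Outbound -Action Block -Protocol UDP `
        -RemotePort 137,138 -RemoteAddress Internet
}

Get-SmbConnectionAudit | Sort-Object External -Descending | Format-Table -AutoSize
```

Add-OutboundSmbBlock is defined but not called; run it only after reviewing the audit output, since any row with External set to True would be cut off by the rules.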
