Zero-Day in Windows 8, 10: Check your system

The United States Computer Emergency Readiness Team (US-CERT) has published details of a new zero-day affecting Microsoft Windows 8, 10 and .

US-CERT states:

Microsoft Windows contains a memory corruption bug in handling SMB traffic, which can allow a remote intruder without authentication to cause service denial or potentially run arbitrary code on a vulnerable system.

Attackers exploiting this zero-day can launch denial-of-service (DoS) attacks against versions of Windows that contain the bug; the crash is triggered when a vulnerable device connects to a malicious SMB server. US-CERT states that the bug could possibly also be exploited to execute arbitrary code with Windows kernel privileges.

The vulnerability description reports additional information:

Windows fails to properly handle traffic from a malicious server. In particular, Windows does not correctly handle a server response that contains too many bytes following the structure defined by the SMB2 TREE_CONNECT Response. By connecting to a malicious SMB server, the vulnerable Windows system may show BSOD (Blue Screen of Death) with Mrxsmb20.sys error. It is unclear at this point whether this vulnerability can be exploited beyond a denial-of-service attack. We have confirmed the crash with fully patched systems of Windows 10 and Windows 8.1.

US-CERT confirmed the vulnerability on fully patched Windows 8.1 and Windows 10 client systems. The website Bleeping Computer reports that the security researcher PythonResponder claims the vulnerability also affects Windows Server and 2016.

There is currently no official confirmation that Windows Servers are affected by the vulnerability.

US-CERT assigns the vulnerability the highest severity rating (10), and it is worth noting that Microsoft has not yet released any security updates.

US-CERT, for its part, recommends blocking all outgoing SMB connections on TCP ports 139 and 445 and UDP ports 137 and 138 from the local network to the WAN.

To find out if your version of Windows has any SMB connections, do the following:

  • At type PowerShell, right-click on and open as .
  • Confirm the UAC prompt that appears.
  • Run the Get-SmbConnection command.
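
An added PowerShell example (not from the original article or from US-CERT): it takes the Get-SmbConnection output from the steps above, flags servers that resolve to non-private addresses, and previews host firewall rules for the ports US-CERT names. The helper name Test-InternalAddress, the rule display names, and the use of the firewall's Internet address keyword as a stand-in for "the WAN" are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: audit current SMB client connections, then preview outbound block rules.

# Hypothetical helper: $true for loopback, link-local, RFC 1918 IPv4 and non-global IPv6.
function Test-InternalAddress {
    param([System.Net.IPAddress]$Address)
    if ([System.Net.IPAddress]::IsLoopback($Address)) { return $true }
    if ($Address.AddressFamily -eq 'InterNetworkV6') {
        return $Address.IsIPv6LinkLocal -or $Address.IsIPv6SiteLocal -or
               (($Address.GetAddressBytes()[0] -band 0xFE) -eq 0xFC)   # fc00::/7
    }
    $b = $Address.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 169 -and $b[1] -eq 254)
}

$report = foreach ($c in Get-SmbConnection) {
    # ServerName may be a host name or a literal IP; unresolvable names yield no addresses.
    $ips = @(try { [System.Net.Dns]::GetHostAddresses($c.ServerName) } catch { })
    $external = @($ips | Where-Object { -not (Test-InternalAddress $_) })
    [pscustomobject]@{
        Server   = $c.ServerName
        Share    = $c.ShareName
        User     = $c.UserName
        Dialect  = $c.Dialect
        Resolved = $ips.IPAddressToString -join ', '
        External = $external.Count -gt 0    # SMB session to a server outside the local network
    }
}
$report | Sort-Object External -Descending | Format-Table -AutoSize

# Preview block rules for the ports in the US-CERT recommendation.
# -WhatIf only shows what would be created; remove it to apply the rules.
# Assumption: the firewall's "Internet" keyword matches what this network treats as the WAN.
$rules = @(
    @{ Protocol = 'TCP'; RemotePort = 139, 445 },
    @{ Protocol = 'UDP'; RemotePort = 137, 138 }
)
foreach ($r in $rules) {
    New-NetFirewallRule -DisplayName "Block outbound SMB to WAN ($($r.Protocol))" `
        -Direction Outbound -Action Block -Protocol $r.Protocol `
        -RemotePort $r.RemotePort -RemoteAddress Internet -WhatIf
}
```

Rows with External set to True are the connections the recommended outbound block would cut off; a perimeter firewall rule achieves the same for every host on the network at once.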

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
