Post-Vista Windows flaw creates Blue Screen risk Miscreants have created an exploit capable of crashing Windows boxes and triggering the infamous Blue Screen of Death. The attack relies on exploiting an unpatched vulnerability in Microsoft's implementation of SMB2 (Server Message Block), a network protocol involved in the sharing of files and printers on a network. Windows …
to any LAN resource via public facing interfaces without first authenticating the user at the firewall, fair enough. But from inside the LAN?
Microsoft software testing sucks so bad that the public become the beta testers.
When SMB 2.0 receives a "&" character in the "Process ID High" SMB header field it responds with a BSOD. To miss such a trivial exploit Microsoft QA is worse than I thought.
As far as I am aware this flaw was discovered by Laurent Gaffie.
Fat lot of use that'll be, once someone crafts a virus that goes around "pinging" port 445 on the inside of your firewall. Or does so using a trojanned system. And if 445 isn't open at all, how do you share files?
I almost hope that they do write such a virus... I'd love to see all the flag-wavers for Vista and Windows BSODded to a stand-still, while those of use who stuck with good (well OK) old XP get on with our work.
@David W.
The last time one of these was discovered on Windows XP, it later proved to be one of those highly exploitable wildfire virus enablers. Ideally, 445 should be firewalled, but basically you exploit it by infecting a machine by other means which then gets it past the hard and crunchy and into the soft sweet center where you have a trusted network just waiting to fall over and widdle on itself. It would be a really good test of Windows 7 to see how it reacts and if all the other stuff done in its construction stops the problem at merely being a BSOD. That actually would be proof that the OS is way more secure.
There hasnt been nearly enough BSOD lately and they have a new commercial coming up where mac guy says windows crashes all the time.
They couldnt get quicktime or itunes to BSOD enough windows machines so apple windows virus team to the rescue!
Reg needs a tinfoil hat icon.
On an internal trusted network? If this proves to be exploitable, it is a trinary weapon. You use it as the terminal payload after hitting any workstation by another means. Windows Firewalls only present a global hard surface, still soft and gooey once you're inside.
wasn't vista meant to be redesigned and they broke existing software compatibility specifically to make it "more secure" - which raises the question, why is this possible? surely the SMB server should be user-mode and therefore not capable of causing any kind of kernel fault? what the hell are they doing still embedding it in the kernel???
You mean the Windows Firewall that lets SMB traffic on port 445 through automatically?
Of course you could disable file sharing, it would close the port then. But then if you had file sharing disabled the exploit wouldn't work anyway and you wouldn't need a firewall to save you from it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
