Microsoft says zero-day flaw not exploitable remotely

Microsoft this week confirmed the existence of an unpatched vulnerability affecting all versions of Windows, but said it is unlikely the flaw could be exploited remotely.

Details of the vulnerability – and proof of concept (PoC) code showing how to exploit it – were released Monday by an anonymous researcher identified only as “Cupidon-3005” on the Full Disclosure Mailing List, a forum for the disclosure of security issues. The Windows Server Message Block (SMB) vulnerability affects an error-reporting function of the Common Internet File Service browser service module, Matt Oh, a security researcher at Microsoft, wrote in a blog post Wednesday. The SMB protocol provides network file-sharing capabilities to Windows machines.

All versions of Windows are vulnerable and there is currently no patch available.  

Researchers at Vupen, a French IT security research company, labeled the flaw “critical” – the highest threat level – and said it could be exploited by remote attackers or malicious users to cause a denial of service or to take complete control of an affected system. Microsoft, however, has downplayed the severity of the flaw.

“While RCE [remote code execution] is theoretically possible, we feel it is not likely in practice,” Mark Wodrich, a security software engineer in the Microsoft Security Response Center engineering team, wrote in a blog post Wednesday. “DoS [denial of service] is much more likely.”

Danish security firm Secunia, meanwhile, labeled the flaw “moderately critical,” or a three out of five on its severity rating scale, also noting that it may allow for the execution of arbitrary code.

The vulnerability can be exploited to cause a buffer overflow via an overly long Server Name string sent in a specially crafted Browser Election Request packet, according to Secunia.

The vulnerability was disclosed to Microsoft without prior notification, the software giant said.

“Luckily, the PoC was not fully weaponized (that is, it was not designed to achieve remote code execution and just a denial of service),” Oh wrote in the blog post.

While waiting for a fix from Microsoft, users can block or filter UDP and TCP ports 138, 139 and 445, Vupen suggested.