The vulnerability is in the SMB (Server Message Block) and is caused by the platform’s inability to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure, according to a Feb 2 CERT advisory.
If a user connects to a malicious SMB server, a vulnerable Windows client system may crash and display a blue screen of death (BSOD) in mrxsmb20.sys, the advisory said.
Researchers have confirmed the flaw affects fully-patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2. The vulnerability is still being examined and it is possible that the flaw may enable more exploits as well.
A researcher by the moniker “PythonResponder” first reported the zero day and a proof-of-concept code was published to GitHub shortly after. It is recommended that users consider blocking outbound SMB connections from the local network to the WAN in order to prevent remote attackers from causing denial of service attacks.