
Unpatched Windows zero day allows DoS attacks, possibly other exploits

Microsoft Windows users should beware of an unpatched memory corruption bug that could be exploited to cause denial of service (DoS) and possibly other exploits.

The vulnerability is in the handling of SMB (Server Message Block) traffic and is caused by the platform's inability to properly handle a specially crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure, according to a Feb. 2 CERT advisory.

If a user connects to a malicious SMB server, a vulnerable Windows client system may crash and display a blue screen of death (BSOD) in mrxsmb20.sys, the advisory said.

Researchers have confirmed the flaw affects fully-patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2. The vulnerability is still being examined and it is possible that the flaw may enable more exploits as well.

A researcher using the moniker “PythonResponder” first reported the zero day, and proof-of-concept code was published to GitHub shortly after. Users are advised to consider blocking outbound SMB connections from the local network to the WAN in order to prevent remote attackers from causing denial of service attacks.
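Because the advisory describes the trigger as extra bytes after the SMB2 TREE_CONNECT Response structure, a network sensor can check captured responses for that condition. The following Python is an added example, not code from the article, the advisory or the researcher; it assumes unencrypted SMB2 over Direct TCP, the function names and the sample frame are constructed for illustration, and treating any nonzero count as suspicious is a heuristic.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64        # fixed-size SMB2 packet header
SMB2_TREE_CONNECT = 0x0003  # Command code for TREE_CONNECT
FLAG_SERVER_TO_REDIR = 0x1  # Flags bit set on server responses
TREE_CONNECT_RSP_LEN = 16   # StructureSize of the TREE_CONNECT Response


def tree_connect_trailing_bytes(frame: bytes) -> list:
    """For one Direct TCP frame (4-byte length prefix + SMB2 messages), return
    the count of bytes following each successful TREE_CONNECT Response body."""
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("not a Direct TCP SMB frame")
    payload = frame[4:4 + int.from_bytes(frame[1:4], "big")]
    counts, off = [], 0
    while off + SMB2_HEADER_LEN <= len(payload):
        if payload[off:off + 4] != SMB2_MAGIC:
            break  # SMB1 or encrypted (transform header): out of scope here
        status, command, _credit, flags, next_cmd = struct.unpack_from(
            "<IHHII", payload, off + 8)
        if next_cmd and not SMB2_HEADER_LEN <= next_cmd <= len(payload) - off:
            break  # malformed compound chain
        end = off + next_cmd if next_cmd else len(payload)
        body = payload[off + SMB2_HEADER_LEN:end]
        if (command == SMB2_TREE_CONNECT and flags & FLAG_SERVER_TO_REDIR
                and status == 0 and len(body) >= TREE_CONNECT_RSP_LEN
                and struct.unpack_from("<H", body)[0] == TREE_CONNECT_RSP_LEN):
            counts.append(len(body) - TREE_CONNECT_RSP_LEN)
        if not next_cmd:
            break
        off = end
    return counts


def sample_frame(extra: int) -> bytes:
    """Constructed test input: one successful TREE_CONNECT response followed
    by `extra` zero bytes, wrapped in a Direct TCP length prefix."""
    header = SMB2_MAGIC + struct.pack(
        "<HHIHHIIQIIQ16s", SMB2_HEADER_LEN, 1, 0, SMB2_TREE_CONNECT, 1,
        FLAG_SERVER_TO_REDIR, 0, 1, 0, 1, 1, b"")
    body = struct.pack("<HBBIII", TREE_CONNECT_RSP_LEN, 1, 0, 0, 0, 0x001F01FF)
    msg = header + body + b"\x00" * extra
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


if __name__ == "__main__":
    for extra in (0, 8):
        print(extra, tree_connect_trailing_bytes(sample_frame(extra)))
```

A well-formed response yields a count of 0; a sensor would alert on any larger value seen in traffic from servers outside the local network.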
