1 min read

SMB 2.0 Flaw Triggers BSOD

Răzvan STOICA

September 10, 2009

SMB 2.0 Flaw Triggers BSOD

Security researcher Laurent Gaffie published on his blog details and a proof of concept of an attack using an unpatched vulnerability in Windows SMB 2.0 file servers .

The published code can be used to crash ( as in BSOD ) any Windows Vista or later Windows OS which has the SMB service enabled and accessible – that is, pretty much any machine in the same home or corporate network as the attacker.

Researcher Ruben Santamarta, who has also studied the issue, warns that the flaw may also be exploited to gain control over affected machines, albeit not in a reliable manner. Exploit code has not been published so far.

There is no patch for this vulnerability as yet.

UPDATE:

Microsoft has published an advisory , stating that, contrary to earlier reports, Windows 7 and Windows 2008 RC2 are not vulnerable. The RC Windows 7 version is, though.

The advisory recommends blocking ports on the perimeter firewall and disabling SMB on the internal network (which is a polite way of saying there is no fix yet).

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read