Free Republic

New SMB bug: How to crash Windows system with a 'link of death'
The Register ^ | 2/3/17 | Thomas Claburn

Posted on 02/03/2017 7:53:50 PM PST by markomalley

US CERT on Thursday issued a security advisory warning that all currently supported versions of Windows are vulnerable to a memory corruption bug that can be exploited to crash computers from afar.

"Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure," the security organization said. "By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys."

The vulnerability was initially rated 10 out of 10 in terms of severity, but has since been downgraded to 7.8. To make use of the vulnerability, an attacker would have to get the Windows system to connect to a malicious SMB share.

This can be done by tricking a victim into clicking on a malicious link to a share in an email in Outlook, or by embedding in a webpage an invisible image with a source URL to an evil file server and getting the mark to visit the site using Internet Explorer, for example. The result is a blue-screen-of-death system crash out of nowhere for the poor user.

Security researcher Laurent Gaffié in an email told The Register that the bug involves a null-pointer dereference. He said that both Microsoft and he consider it a potential means to conduct a remote denial of service attack, but not a means to execute code remotely.

He said the bug can be used to make a target reboot either locally, via Netbios or LLMNR poisoning, or remotely via a UNC link.

"It's important to note that this trivial bug should have been caught immediately by [Microsoft's] SDLC process, but surprisingly it was not," Gaffié said. "This means that the new code base was simply not audited or fuzzed before shipping it on their latest operating systems."

Gaffié said he submitted the bug to Microsoft on September 25, 2016, and that Microsoft had a patch ready for its December patch cycle. The company pushed the fix back to February, he explained, because it made more sense to them to release several SMB fixes at once rather than a single one in December.

As other security researchers have done, Gaffié said he decided to release the bug a week before the patch because this isn't the first time Microsoft has sat on vulnerabilities he's reported, even though he's doing work to help the company for free.

"When they sit on a bug like this one, they're not helping their users but doing marketing damage control, and opportunistic patch release," he said. "This attitude is wrong for their users, and for the security community at large."

Gaffié has released a proof-of-concept exploit through GitHub. ®


TOPICS: Computers/Internet
KEYWORDS: security; windowspinglist
If you have Win10, be forewarned...
1 posted on 02/03/2017 7:53:50 PM PST by markomalley
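The condition US-CERT describes in the article above, a TREE_CONNECT response carrying bytes past its fixed structure, is something a network monitor can check for. The following is an added example, not part of the original article or thread and not Gaffié's proof of concept; the function names and sample messages are constructed, and it assumes unencrypted SMB2 traffic with the transport framing already stripped and treats any byte after the 16-byte response body as anomalous.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64                     # fixed SMB2 header size
SMB2_TREE_CONNECT = 0x0003               # Command field value
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001  # set on server-to-client messages
TREE_CONNECT_RSP_LEN = 16                # StructureSize of the response body


def check_tree_connect_response(msg: bytes) -> dict:
    """Inspect one SMB2 message with transport framing already removed."""
    verdict = {"tree_connect_rsp": False, "extra_bytes": 0, "suspicious": False}
    if len(msg) < SMB2_HEADER_LEN + 2 or msg[:4] != SMB2_MAGIC:
        return verdict
    hdr_size, = struct.unpack_from("<H", msg, 4)
    command, = struct.unpack_from("<H", msg, 12)
    flags, next_command = struct.unpack_from("<II", msg, 16)
    body_size, = struct.unpack_from("<H", msg, SMB2_HEADER_LEN)
    if (hdr_size != SMB2_HEADER_LEN or command != SMB2_TREE_CONNECT
            or not flags & SMB2_FLAGS_SERVER_TO_REDIR
            or body_size != TREE_CONNECT_RSP_LEN):
        return verdict  # request, other command, or an error response body
    verdict["tree_connect_rsp"] = True
    # In a compound chain NextCommand marks where this message ends.
    end = next_command if SMB2_HEADER_LEN < next_command <= len(msg) else len(msg)
    extra = end - SMB2_HEADER_LEN - TREE_CONNECT_RSP_LEN
    verdict["extra_bytes"] = max(extra, 0)
    verdict["suspicious"] = extra != 0   # trailing data, or a truncated body
    return verdict


def constructed_message(trailing: bytes = b"", response: bool = True) -> bytes:
    """Constructed sample: SMB2 header + 16-byte body + optional trailing bytes."""
    flags = SMB2_FLAGS_SERVER_TO_REDIR if response else 0
    header = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, 0,
                         SMB2_TREE_CONNECT, 1, flags, 0, 1, 0, 1, 1, b"\0" * 16)
    body = struct.pack("<HBBIII", TREE_CONNECT_RSP_LEN, 0x01, 0, 0, 0, 0x001F01FF)
    return header + body + trailing


if __name__ == "__main__":
    for name, msg in [("well-formed", constructed_message()),
                      ("oversized", constructed_message(b"\x00" * 8))]:
        print(name, check_tree_connect_response(msg))
```
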

To: markomalley

Downloaded windows 10. Big mistake. Will not open Edge and says “Woops. We can’t get there from here!”


2 posted on 02/03/2017 8:00:49 PM PST by Ruy Dias de Bivar

To: markomalley

“Gaffié said he decided to release the bug a week before the patch ...”

Why release it at all?


3 posted on 02/03/2017 8:01:20 PM PST by nuconvert ( Khomeini promised change too // Hail, Chairman O)

To: dayglored; markomalley

Ping


4 posted on 02/03/2017 8:02:01 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: nuconvert
Why release it at all?

Because without that pressure, M$ wouldn't bother fixing anything.

5 posted on 02/03/2017 8:02:40 PM PST by markomalley (Nothing emboldens the wicked so greatly as the lack of courage on the part of the good -- Leo XIII)

To: markomalley

My head is spinning trying to read this. . .I’m still plodding away using Windows 7. . . .any hope for me?


6 posted on 02/03/2017 8:03:18 PM PST by Maudeen (No one on this earth is too far gone for Jesus.)

To: Maudeen
.any hope for me?

Yes.

https://linuxmint.com/

7 posted on 02/03/2017 8:04:46 PM PST by markomalley (Nothing emboldens the wicked so greatly as the lack of courage on the part of the good -- Leo XIII)

To: Maudeen

I clicked on a European Bulgarian yogurt link the other day that crashed me 3 times, without even the courtesy of the BSOD, just re-boots. Another link did the same a couple weeks ago.


8 posted on 02/03/2017 8:06:40 PM PST by txhurl (The LEFT are screaming at the Tsunami, and the Sky, trying to set fire to the Ocean- S.Tom)

To: markomalley
"This attitude is wrong for their users, and for the security community at large."

What else is new? Microsoft doesn't give a damn about their customers, or what they need and want.

Same old, same old.

9 posted on 02/03/2017 8:13:44 PM PST by Windflier (Pitchforks and torches ripen on the vine. Left too long, they become black rifles.)

To: Maudeen
I’m still plodding away using Windows 7. . . .any hope for me?

Don't 'upgrade' to Windows 10.

Your Windows 7 system is the best OS Microsoft ever designed. Hold onto it until they rip it from your cold dead fingers.

10 posted on 02/03/2017 8:16:03 PM PST by Windflier (Pitchforks and torches ripen on the vine. Left too long, they become black rifles.)

To: Windflier

Thanks. . .your post made me feel better.


11 posted on 02/03/2017 8:23:41 PM PST by Maudeen (No one on this earth is too far gone for Jesus.)

To: Windflier; Maudeen
... all currently supported versions of Windows are vulnerable...
12 posted on 02/03/2017 8:37:33 PM PST by 867V309 (Lock Her Up)

To: Maudeen

Here is a pic of a guy using Windows 7
http://nynerd.com/wp-content/uploads/2007/03/microsoft-tech-support.jpg

Or what Microsoft wants you to think so you move to the future and use Windows 10..........


13 posted on 02/03/2017 10:32:17 PM PST by minnesota_bound

To: minnesota_bound

Thanks. . .I needed that :)


14 posted on 02/03/2017 10:42:37 PM PST by Maudeen (No one on this earth is too far gone for Jesus.)

To: markomalley

Windows is a virus, and has been for years. People tolerate it, and learn to live with it because, unless you go Apple or Linux with their own quirks and idiosyncrasies, windows is still the only game in town for many applications. So people put up with its bullshit, but the fact remains that it’s been a crappy buggy error-prone operating system for decades. Microsoft spread itself too thin, and instead of producing a world class OS, they offer a myriad of products of dubious quality.


15 posted on 02/04/2017 7:24:54 AM PST by SpaceBar

To: SpaceBar

That’s why I refer to them as the “Trolls of Redmond”.


16 posted on 02/04/2017 10:27:53 AM PST by DuncanWaring (The Lord uses the good ones; the bad ones use the Lord.)

To: Maudeen

I had too many issues with Windows 10 along with its spyware and moved back to Windows 7.

Customize Windows 7

Stardock
http://www.stardock.com/products

WindowBlinds
http://www.stardock.com/products/windowblinds

Wincustomize
http://www.wincustomize.com


17 posted on 02/04/2017 10:33:15 AM PST by minnesota_bound

To: markomalley

The people who create these “bugs” need to be found and made to wish that there was a death penalty for their transgressions. Unheated cell, thin blanket, loud acid rock-rap-Islamic call to prayer (whichever appears to offend the individual most) playing 24-7, bread and water, nowhere to sit or lie down...


18 posted on 02/04/2017 10:37:35 AM PST by JimRed ( TERM LIMITS, now and forever! Building the Wall, NOW!)

To: minnesota_bound

Thanks


19 posted on 02/04/2017 11:08:15 AM PST by Maudeen (No one on this earth is too far gone for Jesus.)

To: Swordmaker; markomalley; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; amigatec; ...
Windows networking share bug (SMB) ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to Swordmaker for the ping!!

20 posted on 02/05/2017 6:25:39 AM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

