December 10, 2016

Windows File Sharing Vulnerability Found – Triggers Blue Screen of Death

An anonymous researcher has found and revealed a vulnerability in SMB (Server Message Block) that affects the Windows file sharing (AKA CIFS / Common Internet File System) browser service.

The researcher also provided Proof-of-Concept (PoC) exploit code showing exactly how to exploit the vulnerability and how to force a blue screen of death.

Since this vulnerability was publicly disclosed and included a PoC, hackers are in a position to use it today to at least trigger a blue screen of death on target machines and, in doing so, mount a denial-of-service attack. Microsoft have responded with Vuln:Win/SMB.Browser.DoS!NIS-2011-0003 as a first response measure.

The vulnerability exists because the Microsoft Server Message Block (SMB) client implementation incorrectly handles malformed SMB messages. A function in the error-reporting module pushes the calling arguments into a pre-allocated fixed-size buffer, and due to a bug in the length handling, this buffer can overflow.

This then results in a blue screen of death. Microsoft reckon that, based on the nature of the bug, remote code execution is theoretically possible but not likely in practice.
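To make the bug class concrete, here is an added example (not Microsoft's code and not the published PoC) of a routine that packs caller-supplied arguments into a fixed-size buffer, with a flawed length check modelled beside a hardened one. The article only says "a bug in the length handling", so the specific flaw shown is an assumption, and every name, the buffer size and the sample data are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64  /* constructed size, not the real component's */
/* Constructed sample input: three 30-byte arguments, 93 bytes with prefixes. */
static const char SAMPLE_ARG[64] = "constructed-argument";
static const char *const SAMPLE_ARGS[3] = { SAMPLE_ARG, SAMPLE_ARG, SAMPLE_ARG };
static const size_t SAMPLE_LENS[3] = { 30, 30, 30 };
static uint8_t sample_out[LOG_BUF_SIZE];

/* Assumed flaw: every argument is compared with the whole buffer instead
 * of the space still free. Returns how many bytes such a routine would
 * write; nothing is copied, so this is safe to run. */
size_t flawed_bytes_written(const size_t lens[], size_t argc)
{
    size_t used = 0;
    for (size_t i = 0; i < argc; i++) {
        if (lens[i] >= LOG_BUF_SIZE)   /* per-argument check only */
            break;
        used += 1 + lens[i];           /* 1-byte length prefix + payload */
    }
    return used;
}

/* Hardened form: tracks the space left and returns -1 as soon as an
 * argument does not fit (the caller discards the partial record). */
int pack_log_args(uint8_t out[LOG_BUF_SIZE], const char *const args[],
                  const size_t lens[], size_t argc)
{
    size_t used = 0;
    for (size_t i = 0; i < argc; i++) {
        size_t remaining = LOG_BUF_SIZE - used;  /* used <= LOG_BUF_SIZE here */
        if (remaining < 1 || lens[i] > remaining - 1)  /* no addition, no wrap */
            return -1;
        out[used++] = (uint8_t)lens[i];
        memcpy(out + used, args[i], lens[i]);
        used += lens[i];
    }
    return (int)used;
}

int main(void)
{
    printf("flawed: %zu bytes into %d; hardened: %d\n", flawed_bytes_written(SAMPLE_LENS, 3),
           LOG_BUF_SIZE, pack_log_args(sample_out, SAMPLE_ARGS, SAMPLE_LENS, 3));
    return 0;
}
```

With the sample input, the flawed check accepts every argument individually even though together they exceed the buffer, while the hardened routine stops at the third argument.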

Microsoft have also released notes on exploitability of the recent Windows BROWSER protocol issue with more technical information.
