The United States Computer Emergency Readiness Team (US-CERT) has disclosed a zero-day vulnerability in the SMB service of Microsoft Windows that lets attackers carry out denial-of-service attacks and crash the entire system, producing a Blue Screen of Death (BSOD).
CERT’s advisory specifies that “by connecting to a malicious SMB server (Server Message Block), a vulnerable Windows client system may crash BSOD in mrxsmb20.sys.”
Furthermore, the article states that an attacker can use this vulnerability for more than a crash, including executing arbitrary code. The flaw leaves Windows 8.1 and Windows 10 exposed to exploitation and may also affect Windows Server systems.
The advisory also states that Microsoft Windows fails to properly handle traffic from a malicious or infected server, specifically a server response that contains too many bytes “following the structure defined in the SMB2 TREE_CONNECT Response structure.”
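As an added illustration (not code from the advisory or this article), the following Python parses a captured SMB2 message and reports whether a TREE_CONNECT response carries bytes beyond the 16-byte structure that MS-SMB2 defines, which is the condition the advisory describes. Field offsets follow the MS-SMB2 header and TREE_CONNECT Response layouts; the sample message is constructed inline and does not reproduce any real crash payload.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64
SMB2_TREE_CONNECT = 0x0003            # Command value for TREE_CONNECT
SMB2_FLAGS_SERVER_TO_REDIR = 0x0001   # Flags bit set on responses
TREE_CONNECT_RESP_LEN = 16            # StructureSize of a TREE_CONNECT Response


def inspect_tree_connect_response(msg: bytes) -> dict:
    """Classify one SMB2 message; never raises on malformed input.

    verdicts: not-smb2, malformed-header, not-tree-connect-response,
    truncated, bad-structure-size, ok, oversized
    """
    if len(msg) < SMB2_HEADER_LEN or msg[:4] != SMB2_MAGIC:
        return {"verdict": "not-smb2"}
    # Header bytes 4..23: StructureSize, CreditCharge, Status, Command,
    # CreditRequest/Response, Flags, NextCommand
    (hdr_size, _charge, status, command, _credits,
     flags, next_command) = struct.unpack_from("<HHIHHII", msg, 4)
    if hdr_size != SMB2_HEADER_LEN:
        return {"verdict": "malformed-header"}
    if command != SMB2_TREE_CONNECT or not flags & SMB2_FLAGS_SERVER_TO_REDIR:
        return {"verdict": "not-tree-connect-response"}
    body = msg[SMB2_HEADER_LEN:]
    if len(body) < TREE_CONNECT_RESP_LEN:
        return {"verdict": "truncated", "body_len": len(body)}
    struct_size, share_type, _rsv, _share_flags, _caps, _access = \
        struct.unpack_from("<HBBIII", body, 0)
    if struct_size != TREE_CONNECT_RESP_LEN:
        return {"verdict": "bad-structure-size", "structure_size": struct_size}
    # In a compound message NextCommand bounds this one; otherwise the
    # message runs to the end of the buffer.
    end = next_command if next_command else len(msg)
    extra = end - SMB2_HEADER_LEN - TREE_CONNECT_RESP_LEN
    return {"verdict": "oversized" if extra > 0 else "ok",
            "status": status, "share_type": share_type, "extra_bytes": extra}


def build_message(extra: bytes = b"") -> bytes:
    """Constructed sample: valid header + TREE_CONNECT body, plus optional
    trailing bytes so the detector's oversized path can be exercised."""
    header = SMB2_MAGIC + struct.pack("<HHIHHII", SMB2_HEADER_LEN, 1, 0,
                                      SMB2_TREE_CONNECT, 1,
                                      SMB2_FLAGS_SERVER_TO_REDIR, 0)
    header += struct.pack("<QQQ", 1, 0x11, 0x2222)  # MessageId, TreeId, SessionId
    header += b"\x00" * 16                          # Signature (unsigned)
    body = struct.pack("<HBBIII", TREE_CONNECT_RESP_LEN, 0x01, 0, 0, 0, 0x001F01FF)
    return header + body + extra
```

Running the check against SMB traffic captured from an untrusted server is one way to spot responses that violate the structure before a client parses them.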
The CERT team also reproduced the attack by carrying out a denial-of-service attack against computers running fully patched versions of Windows 8.1 and Windows 10. The team was not, however, able to achieve arbitrary code execution.
SMBv3 0day, Windows 2012, 2016 affected, have fun :) Oh & if you understand this poc, bitching SDLC is appropriate :) https://t.co/xAsDOY54yl
— Responder (@PythonResponder) February 1, 2017
The problem may worsen now that exploit code for this zero-day vulnerability is already available online, so a patch for the flaw is urgently needed. Until then, US-CERT has no complete fix to offer; as a temporary workaround it recommends blocking outbound SMB connections from the local network.