• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 15th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security

0-Day Security Flaw Could Lead Windows Devices to BSOD

February 3rd, 2017 Uzair Amir Security 0 comments
0-Day Security Flaw Could Lead Windows Devices to BSOD
Share on FacebookShare on Twitter

The United States Computer Emergency Readiness Team (US-CERT) has discovered a zero-day vulnerability in the SMB service of Microsoft Windows which lets attackers carry out Denial of Service attacks and crash the entire system leading to Blue Screen of Death (BSOD).

CERT’s advisory specifies that “by connecting to a malicious SMB server (Server Message Block), a vulnerable Windows client system may crash BSOD in mrxsmb20.sys.”

Furthermore, using this vulnerability, an attacker can launch all sorts of attacks such as executing arbitrary code. This vulnerability makes Windows 8.1 and Windows 10 exposed to exploitation and may also affect the Windows Server systems.

The advisory also states that Microsoft Windows has failed to handle traffic coming from a malicious or infected server properly and also it cannot handle server response that contains too many bytes “following the structure defined in the SMB2 TREE_CONNECT Response structure.”

The CERT team also reproduced the attack method by conducting a denial of service attack onto computers running patched versions of Windows 8.1 and Windows 10. However, the team could not successfully run arbitrary code.

SMBv3 0day, Windows 2012, 2016 affected, have fun :) Oh&if you understand this poc, bitching SDLC is appropriate :)https://t.co/xAsDOY54yl

— Responder (@PythonResponder) February 1, 2017

[fullsquaread][/fullsquaread]

The problem may worsen now since the exploit code that may let attackers take advantage of this zero-day vulnerability is already available online and therefore, a patch for the flaw is required badly. Until then, US-CERT cannot provide a solution to keep the users safe. It, however, has provided a temporary fix in the form of blocking outbound SMB connections on the local network.


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

  • Tags
  • Computers
  • internet
  • Microsoft
  • Privacy
  • security
  • Vulnerability
  • Windows
  • Windows 10
Facebook Twitter LinkedIn Pinterest
Previous article Two Arrested in UK for Hacking DC CCTV Cameras Before Trump Inauguration
Next article Palestinian Engineer Jailed for Hacking Israeli CCTVs & Drones
Uzair Amir

Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'

Related Posts
Unpatched MS Exchange servers hit by cryptojacking malware

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

FBI accessing computers across US to remove malicious web shells

FBI accessing computers across US to remove malicious web shells

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Unpatched MS Exchange servers hit by cryptojacking malware
Security

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data
Leaks

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

FBI accessing computers across US to remove malicious web shells
Security

FBI accessing computers across US to remove malicious web shells

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us