It looks like Microsoft's put a lot of new SMB bugs in their recent OS's. This is the second way we've seen to remotely crash a machine by sending it bad SMB packets.
Proof of concept/exploit code you can paste write into Python is located here: http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
This SMB bug is worse than the first one that was found; With this bug, you don't get a telling BSOD that you can ctrl-alt-del from (and which might have info letting you known the system was crashed by the SMB exploit). This bug simply hangs the machine hard with no indication of what happened and you have to punch the power/reset button.
Worse... there's apparently a way to use it in conjunction with IE to circumvent firewalls. So, if you're lured to click on a link and it hangs your machine - it might be some jerk messing with you. No one's found a way to use either of these SMB bugs to remotely exploit code yet, so at least you can't get a worm in this manner, yet.
Microsoft reportedly isn't planning on fixing this until SP1.
What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?
Thanks for bringing this up. I'll tell my family and friends to wait till SP1 gets released before upgrading.
NEWS TIPS |
This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or hisassociates. All products and trademarks are the property of their respective owners. All content and graphical elements areCopyright © 1999 - 2014 David Altavilla and HotHardware.com, LLC. All rights reserved. Privacy and Terms