Windows 7 / Server 2008 Remote Crash Exploit

3vi1 Posted: Mon, Nov 16 2009 8:10 AM

It looks like Microsoft's put a lot of new SMB bugs in their recent OSes. This is the second way we've seen to remotely crash a machine by sending it bad SMB packets.

Proof of concept/exploit code you can paste right into Python is located here: http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html

This SMB bug is worse than the first one that was found; with this bug, you don't get a telling BSOD that you can ctrl-alt-del from (and which might have info letting you know the system was crashed by the SMB exploit). This bug simply hangs the machine hard with no indication of what happened and you have to punch the power/reset button.

Worse... there's apparently a way to use it in conjunction with IE to circumvent firewalls. So, if you're lured to click on a link and it hangs your machine, it might be some jerk messing with you. No one's found a way to use either of these SMB bugs to remotely exploit code yet, so at least you can't get a worm in this manner, yet.

Microsoft reportedly isn't planning on fixing this until SP1.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

Top 75 Contributor
Posts 1,964
Points 25,705
Joined: Sep 2009

Thanks for bringing this up. I'll tell my family and friends to wait till SP1 gets released before upgrading.
