The United States Computer Emergency Readiness Team (US-CERT) released an official advisory yesterday.
Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system. In short: some Windows versions (clients and servers) contain a memory corruption bug in the code that handles SMB data traffic. The bug is contained within the kernel file mrxsmb20.sys.
Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys.
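A response of the kind described above stands out by its length: the SMB2 header is 64 bytes and the TREE_CONNECT Response body is a fixed 16 bytes, so a successful response that carries more than that is anomalous. The Python check below is an added example, not code from US-CERT or from this post; the function names and the sample messages are constructed for illustration, and it assumes one SMB2 message already extracted from the TCP stream with the 4-byte length prefix removed.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64           # fixed SMB2 header size
SMB2_TREE_CONNECT = 0x0003     # Command value for TREE_CONNECT
SERVER_TO_REDIR = 0x00000001   # Flags bit set on server responses
TREE_CONNECT_RSP_LEN = 16      # fixed size of the TREE_CONNECT Response body


def tree_connect_excess(msg: bytes):
    """Return the number of bytes that follow the TREE_CONNECT Response body,
    or None if msg is not a successful SMB2 TREE_CONNECT response."""
    if len(msg) < SMB2_HEADER_LEN or msg[:4] != SMB2_MAGIC:
        return None  # too short, SMB1, or encrypted (transform header)
    status, command = struct.unpack_from("<IH", msg, 8)
    flags, next_command = struct.unpack_from("<II", msg, 16)
    if command != SMB2_TREE_CONNECT or not flags & SERVER_TO_REDIR:
        return None
    if status != 0:
        return None  # failures carry an ERROR Response body instead
    # In a compound chain this message ends where the next one starts.
    end = next_command if SMB2_HEADER_LEN <= next_command <= len(msg) else len(msg)
    return max(end - SMB2_HEADER_LEN - TREE_CONNECT_RSP_LEN, 0)


def build_response(trailing: bytes = b"", status: int = 0) -> bytes:
    """Constructed sample: SMB2 header + TREE_CONNECT Response + trailing bytes."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 1, status,
                         SMB2_TREE_CONNECT, 1, SERVER_TO_REDIR, 0, 1, 0, 1, 1,
                         bytes(16))
    body = struct.pack("<HBBIII", 16, 0x01, 0, 0, 0, 0x001F01FF)
    return header + body + trailing


if __name__ == "__main__":
    # Constructed messages: one well-formed, one with 32 extra bytes.
    for name, msg in [("well-formed", build_response()),
                      ("oversized", build_response(b"\x00" * 32))]:
        print(name, "excess bytes:", tree_connect_excess(msg))
```

A non-zero result on traffic coming from an SMB server is worth alerting on; encrypted SMB3 sessions cannot be inspected this way and return None.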
US-CERT writes that the bug may be used by an unauthenticated attacker to cause a denial of service (aka Blue Screen) or, in the worst case, to inject and execute malicious code. Exploit code for this vulnerability has been released to the public (see this tweet and here).
SMBv3 0day, Windows 2012, 2016 affected, have fun :) Oh&if you understand this poc, bitching SDLC is appropriate :) https://t.co/xAsDOY54yl — Responder (@PythonResponder) February 1, 2017
@PythonResponder quick and dirty gif pic.twitter.com/ccwrrG36rO — Chris Mallz (@vvalien1) February 1, 2017