Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Saturday February 04 2017, @02:09AM   Printer-friendly
from the samba,-not-simba dept.

Submitted via IRC for TheMightyBuzzard

The United States Computer Emergency Readiness Team (US-CERT) published a vulnerability note yesterday about a new zero-day vulnerability affecting Microsoft Windows 8, 10 and Server editions. It reads:

Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system.

Attackers may cause a denial of service attack against affected versions of Windows by causing Windows devices to connect to a malicious SMB share. US-CERT notes that the possibility exists that the vulnerability may be exploited to execute arbitrary code with Windows kernel privileges.

Attacked systems may throw a blue-screen on successful attacks.

[...] US-CERT confirmed the vulnerability on fully-patched Windows 8.1 and Windows 10 client systems. Bleeping Computer notes that security researcher PythonResponder claimed that it affects Windows Server 2012 and 2016 as well. While there is no official confirmation of that yet, it seems likely that the Server products are also affected by the vulnerability.

[...] Microsoft has not released a security advisory yet, but it is probably only a matter of time before the company publishes a security advisory to inform customers about the vulnerability and mitigation options. US-CERT recommends to block outbound SMB connections on TCP port 139 and 445, and UDP ports 137 and 138 from the local network to the WAN. to protect Windows devices.

Source: http://www.ghacks.net/2017/02/03/smb-zero-day-affecting-windows-8-10-and-server/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday February 04 2017, @04:37AM

    by Anonymous Coward on Saturday February 04 2017, @04:37AM (#462750)

    Note that its outgoing SMB. I know I normally worry less about outgoing compared to incoming.

  • (Score: 1) by andersjm on Saturday February 04 2017, @11:22AM

    by andersjm (3931) on Saturday February 04 2017, @11:22AM (#462815)

    The bad news is that it might be very easy to trick a target into accessing an attacker-controlled share.

    I wonder what an XMLHttpRequest for \\evil.invalid\evil\evil.html embedded in malvertisment would do in Internet Explorer? I don't have an MSWin computer nearby, so I can't try myself.

    • (Score: 2, Informative) by Anonymous Coward on Sunday February 05 2017, @08:25AM

      by Anonymous Coward on Sunday February 05 2017, @08:25AM (#463063)

      It's simpler than an XMLHttpRequest. All it take would take is embedding an image into a page that pointed to a malicious server. Both IE and Edge will attempt to load images over SMB.

      Then again, why bother with malvertising when you can just get the user's username and password for their computer by embedding an image on a specially hosted webserver?

      https://www.bleepingcomputer.com/news/security/understanding-the-windows-credential-leak-flaw-and-how-to-prevent-it/ [bleepingcomputer.com]