Zero-Day Security Flaw makes Windows PC vulnerable to Denial of Service Attacks

The CERT Team has revealed an existing vulnerability in Microsoft’s Windows operating systems, including Windows 10, that may allow a remote, unauthenticated attacker to gain access to the Windows system. They discovered a zero-day vulnerability in the Server Message Block (SMB) of the Windows operating systems which lets attackers carry out Denial of Service attacks and crash the entire operating system, leading to a Blue Screen of Death (BSOD).

CERT collaborates with government organizations, like the U.S. Department of Defense and the Department of Homeland Security (DHS); law enforcement, including the FBI; the intelligence community; and many industry organizations on cybersecurity matters.


By exploiting the vulnerability, attackers can introduce all sorts of attacks, such as downloading malicious code onto the victim’s PC. As per CERT, the vulnerability is applicable to Microsoft Windows 8.1 and Windows 10. Further, it may also affect the Windows Server systems, Windows Server 2016 and Windows Server 2012 R2.

The CERT notice reads:

“Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys”
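As an added illustration (not part of the CERT notice or the original article), the Python sketch below shows how a network sensor could flag the condition the notice describes: a successful SMB2 TREE_CONNECT response that carries bytes beyond its fixed structure. The 64-byte header and 16-byte response sizes come from the MS-SMB2 specification; the function names and the sample frames are constructed for this example.

```python
import struct

SMB2_HEADER_LEN = 64          # fixed SMB2 packet header size (MS-SMB2)
TREE_CONNECT_RSP_LEN = 16     # fixed TREE_CONNECT Response body size (MS-SMB2)
SMB2_TREE_CONNECT = 0x0003    # command code
SERVER_TO_REDIR = 0x00000001  # header flag: message is a response
FIXED_LEN = SMB2_HEADER_LEN + TREE_CONNECT_RSP_LEN


def excess_tree_connect_bytes(frame: bytes):
    """Bytes following the TREE_CONNECT Response structure in one Direct-TCP
    SMB2 frame, or None if the frame is not a successful, unencrypted
    TREE_CONNECT response."""
    if len(frame) < 4 + FIXED_LEN or frame[0] != 0:
        return None
    declared = int.from_bytes(frame[1:4], "big")  # 3-byte transport length
    msg = frame[4:4 + declared]
    if len(msg) < FIXED_LEN or msg[:4] != b"\xfeSMB":
        return None
    size, _charge, status, command, _credits, flags, next_cmd = \
        struct.unpack_from("<HHIHHII", msg, 4)
    if size != SMB2_HEADER_LEN or command != SMB2_TREE_CONNECT:
        return None
    if status != 0 or not flags & SERVER_TO_REDIR:
        return None
    if struct.unpack_from("<H", msg, SMB2_HEADER_LEN)[0] != TREE_CONNECT_RSP_LEN:
        return None
    # A compounded response ends at NextCommand; otherwise at end of message.
    end = next_cmd if next_cmd else len(msg)
    return end - FIXED_LEN if end >= FIXED_LEN else None


def sample_frame(trailing: int) -> bytes:
    """Constructed test input: a minimal response plus `trailing` zero bytes."""
    header = b"\xfeSMB" + struct.pack(
        "<HHIHHIIQIIQ", 64, 1, 0, SMB2_TREE_CONNECT, 1,
        SERVER_TO_REDIR, 0, 1, 0, 1, 1) + bytes(16)  # 16-byte empty signature
    body = struct.pack("<HBBIII", 16, 1, 0, 0, 0, 0x001F01FF)
    msg = header + body + bytes(trailing)
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


if __name__ == "__main__":
    for n in (0, 40):
        extra = excess_tree_connect_bytes(sample_frame(n))
        print(f"trailing={n}: {'ALERT' if extra else 'ok'} ({extra} excess bytes)")
```

The check is a heuristic for cleartext SMB2 traffic only; encrypted SMB 3.x sessions wrap messages in a transform header, so the function returns None for them.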

Microsoft not rushing to Patch zero-day vulnerability

Apparently, Microsoft rated this vulnerability as low risk and will not rush the patch release. Laurent Gaffie, the researcher behind this zero-day exploit, tweeted that he’d found a zero-day vulnerability in SMBv3 and released a proof-of-concept exploit on GitHub.

Laurent claims to have privately disclosed the issue to Microsoft on September 25 last year. Microsoft responded saying that it had a patch ready for its December patch release, but decided to wait until its scheduled February 14 “Patch Tuesday” update to release several SMB patches rather than a single fix in December.

Workaround

As per CERT, there is no practical solution to arrest the vulnerability as of now. The organization advises blocking outbound SMB connections from the local network to the WAN.

Ankit Gupta is an Engineering graduate and an MBA postgraduate. He brings more than 3 years of global writing experience on technology, travel and finance. He follows technological developments, especially on gadgets. Apart from having an interest in following Microsoft, he also has a deep liking for wildlife, and travels to various wildlife conservatories to be with nature.