New flaw causes 'Blue Screen of Death' on Vista, Windows 7
IDG News Service - As Microsoft prepares to release patches, researchers said they've seen exploit code for a new flaw that puts organizations using Vista and Windows 7 at great risk.
The flaw lies in a driver used for the SMB file-sharing feature in Windows, said Bojan Zdrnja, a handler for the SANS Internet Storm Center. Exploit code was released around 11 p.m. ET, he said.
Zdrnja said he tested the exploit code and it works on fully patched Vista machines running Service Pack 1 or 2 as well as Windows 7. It may also affect Windows Server 2008. When successfully attacked, the exploit will cause the targeted machine to crash.
"You get the blue screen of death," Zdrnja said.
Researchers don't know yet if the flaw is remotely exploitable, he said. Just one malicious packet is needed to crash a machine. Most PCs on internal networks keep port 445 open, which is used for file sharing.
That's dangerous, since if a hacker already has access to a compromised computer within the network, it would be possible to crash all the other machines, Zdrnja said. Administrators should disable access to the port.
Home users usually have that port open, too, Zdrnja said. But for users who join a public Wi-Fi network, Windows will ask if it is a public network and, if it is, then block port 445.
A module for the exploit has already been created for Metasploit, a hacker toolkit used to attack PCs, Zdrnja said.
Microsoft is due to release its five patches on Tuesday, all for "critical" flaws, the company's most severe threat rating. Zdrnja said it's not known if this latest flaw will be addressed.
If it isn't patched on Tuesday, Zdrnja said the flaw is so potentially harmful that he would not be surprised if Microsoft did an off-schedule patch release.
"This is really serious," Zdrnja said. "It can potentially affect a huge number of machines."
The SANS Internet Storm Center has published a short diary entry about the flaw. Microsoft officials did not have an immediate comment but said they were investigating.
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- Target attack shows danger of remotely accessible HVAC systems
- Target hackers try new ways to use stolen card data
- Update: Microsoft to patch just-revealed Windows zero-day tomorrow
- NSA spying prompts open TrueCrypt encryption software audit to go viral
- Microsoft warns of Office zero-day, active hacker exploits
- Hackers move to create next Blackhole after 'Paunch' arrest
- Adobe hack shows subscription software vendors lucrative targets
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts