New flaw causes 'Blue Screen of Death' on Vista, Windows 7
IDG News Service - As Microsoft prepares to release patches, researchers said they've seen exploit code for a new flaw that puts organizations using Vista and Windows 7 at great risk.
The flaw lies in a driver used for the SMB file-sharing feature in Windows, said Bojan Zdrnja, a handler for the SANS Internet Storm Center. Exploit code was released around 11 p.m. ET, he said.
Zdrnja said he tested the exploit code and it works on fully patched Vista machines running Service Pack 1 or 2 as well as Windows 7. It may also affect Windows Server 2008. When successfully attacked, the exploit will cause the targeted machine to crash.
"You get the blue screen of death," Zdrnja said.
Researchers don't know yet if the flaw is remotely exploitable, he said. Just one malicious packet is needed to crash a machine. Most PCs on internal networks keep port 445 open, which is used for file sharing.
That's dangerous, since if a hacker already has access to a compromised computer within the network, it would be possible to crash all the other machines, Zdrnja said. Administrators should disable access to the port.
Home users usually have that port open, too, Zdrnja said. But for users who join a public Wi-Fi network, Windows will ask if it is a public network and, if it is, then block port 445.
A module for the exploit has already been created for Metasploit, a hacker toolkit used to attack PCs, Zdrnja said.
Microsoft is due to release its five patches on Tuesday, all for "critical" flaws, the company's most severe threat rating. Zdrnja said it's not known if this latest flaw will be addressed.
If it isn't patched on Tuesday, Zdrnja said the flaw is so potentially harmful that he would not be surprised if Microsoft did an off-schedule patch release.
"This is really serious," Zdrnja said. "It can potentially affect a huge number of machines."
The SANS Internet Storm Center has published a short diary entry about the flaw. Microsoft officials did not have an immediate comment but said they were investigating.
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- Target attack shows danger of remotely accessible HVAC systems
- Target hackers try new ways to use stolen card data
- Update: Microsoft to patch just-revealed Windows zero-day tomorrow
- NSA spying prompts open TrueCrypt encryption software audit to go viral
- Microsoft warns of Office zero-day, active hacker exploits
- Hackers move to create next Blackhole after 'Paunch' arrest
- Adobe hack shows subscription software vendors lucrative targets
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts