New flaw causes 'Blue Screen of Death' on Vista, Windows 7
IDG News Service - As Microsoft prepares to release patches, researchers said they've seen exploit code for a new flaw that puts organizations using Vista and Windows 7 at great risk.
The flaw lies in a driver used for the SMB file-sharing feature in Windows, said Bojan Zdrnja, a handler for the SANS Internet Storm Center. Exploit code was released around 11 p.m. ET, he said.
Zdrnja said he tested the exploit code and it works on fully patched Vista machines running Service Pack 1 or 2 as well as Windows 7. It may also affect Windows Server 2008. When successfully attacked, the exploit will cause the targeted machine to crash.
"You get the blue screen of death," Zdrnja said.
Researchers don't know yet if the flaw is remotely exploitable, he said. Just one malicious packet is needed to crash a machine. Most PCs on internal networks keep port 445 open, which is used for file sharing.
That's dangerous, since if a hacker already has access to a compromised computer within the network, it would be possible to crash all the other machines, Zdrnja said. Administrators should disable access to the port.
Home users usually have that port open, too, Zdrnja said. But for users who join a public Wi-Fi network, Windows will ask if it is a public network and, if it is, then block port 445.
A module for the exploit has already been created for Metasploit, a hacker toolkit used to attack PCs, Zdrnja said.
Microsoft is due to release its five patches on Tuesday, all for "critical" flaws, the company's most severe threat rating. Zdrnja said it's not known if this latest flaw will be addressed.
If it isn't patched on Tuesday, Zdrnja said the flaw is so potentially harmful that he would not be surprised if Microsoft did an off-schedule patch release.
"This is really serious," Zdrnja said. "It can potentially affect a huge number of machines."
The SANS Internet Storm Center has published a short diary entry about the flaw. Microsoft officials did not have an immediate comment but said they were investigating.
- Feds declare big win over Cryptolocker ransomware
- Hackers hit more businesses through remote access accounts
- P.F. Chang's post-breach move to manual processing is telling
- Microsoft withholds monster IE update from Windows 8.1 dawdlers
- In baffling move, TrueCrypt open-source crypto project shuts down
- 'Oleg Pliss' hack makes for a perfect teachable IT moment
- Give IE the heave-ho until Microsoft patches zero-day
- Hackers find first post-retirement Windows XP-related vulnerability
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- The Keys to Securing Data in a Collaborative Workplace Losing data is costly. IT professionals have spent years learning how to protect their organizations from hackers, but how do you ward off...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!