Wednesday, 8 February 2017

Windows 10 attacked with a Zero Day Attack

 
Last weekend a security researcher publically disclosed a zero-day vulnerability in Windows 10, Windows 8.1 and Server editions after Microsoft failed to patch it in the past three months.

The zero-day memory corruption flaw resides in the implementation of the SMB (server message block) network file sharing protocol that could allow a remote, unauthenticated attacker to crash systems with denial of service attack, which would then open them to more possible attacks.

According to US-CERT, the vulnerability could also be exploited to execute arbitrary code with Windows kernel privileges on vulnerable systems, but this has not been confirmed right now by Microsoft.

Without revealing the actual scope of the vulnerability and the kind of threat the exploit poses, Microsoft has just downplayed the severity of the issue, saying:
"Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection."
However, the proof-of-concept exploit code, Win10.py, has already been released publicly for Windows 10 by security researcher Laurent Gaffie and does not require targets to use a browser.

The memory corruption flaw resides in the manner in which Windows handles SMB traffic that could be exploited by attackers; all they need is tricking victims to connect to a malicious SMB server, which could be easily done using clever social engineering tricks.

"In particular, Windows fails to properly handle a server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure," CERT said in the advisory
"By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys."
Since the exploit code is now publicly available to everyone and there is no official patch from Microsoft, all Windows users are left open to potential attacks at this time.

Until Microsoft patches the memory corruption flaw (most probably in the upcoming Windows update or out-of-band patch), Windows users can temporarily fix the issue by blocking outbound SMB connections (TCP ports 139 and 445 and UDP ports 137 and 138) from the local network to the WAN.

The vulnerability has been given Common Vulnerability Scoring System (CVSS) score of 7.8. Proof-of-concept code has been published on GitHub.

1 comment:

  1. CONTACT: onlineghosthacker247 @gmail. com
    -Find Out If Your Husband/Wife or Boyfriend/Girlfriend Is Cheating On You
    -Let them Help You Hack Any Website Or Database
    -Hack Into Any University Portal; To Change Your Grades Or Upgrade Any Personal Information/Examination Questions
    -Hack Email; Mobile Phones; Whatsapp; Text Messages; Call Logs; Facebook And Other Social Media Accounts
    -And All Related Services
    - let them help you in recovery any lost fund scam from you
    onlineghosthacker Will Get The Job Done For You
    onlineghosthacker247 @gmail. com
    TESTED AND TRUSTED!

    ReplyDelete

Thanks for reading this article.
Please comment your reviews..This will help us improve.

Popular Posts