Patch Tuesday Fun – Blue Screen your Vista, 2008 and maybe even Windows 7 boxes

8 09 2009

Hole in Windows Vista and 7 allows remote reboot

A vulnerability in Microsoft’s implementation of the SMB2 protocol can be exploited via the net to crash or reboot Windows Vista and Windows 7 systems. The root of the problem is an error in how the srv2.sys driver handles client requests when the header of the “Process Id High” field contains an ampersand. The attack does not require authentication; port 445 of the target system merely has to be accessible, which in the default Windows local network configuration, it usually is. SMB2 is an extension of the conventional server message block protocol.
An exploit written in Python is already available. A test at heise Security, The H’s German associates, confirmed that the exploit enabled a remote reboot of a Vista system. However, in the test, the exploit had no apparent effect on a computer running Windows 7. According to the report written by Laurent Gaffie, who discovered the vulnerability, Windows Server 2008 might also be affected, since all of the systems named used the same SMB2.0 driver. Windows 2000 and XP were not affected, however, since they do not support SMB2.
Microsoft has yet to release an official update for the issue. Presently, the only remedy is to close the SMB ports by un-ticking the boxes for file and printer access in the firewall settings.

It was so easy even I was able to do it…




Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: