New Windows 10 Zero Day Exploit Allows Attackers to Cause a System Crash

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
38,744
Carnegie Mellon's Vulnerability Notes Database has a new alert up for an exploit that can allow a remote attacker to crash a Windows 10 machine. This exploit apparently works by taking advantage of a bug in how Windows 10 handles the SMB file sharing protocol. The only currently known defense is to block outbound SMB ports. Let's hope Microsoft get this one patched ASAP.

Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys. We have confirmed the crash with fully-patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2.
Note that there are a number of techniques that can be used to trigger a Windows system to connect to an SMB share. Some may require little to no user interaction.
 
Aren't SMB shares mostly on the local network ?
If not you are doing something very wrong ;)
 
Aren't SMB shares mostly on the local network ?
If not you are doing something very wrong ;)

Well, yeah, but you can type in \\<ip address>\<share> and point them pretty much anywhere.

Most of the time ISP's and routers block these ports to prevent this, but there are ways around it.
 
I was going to say how many people have their windows 10 box on the net and not behind a router? Unless someone is stupid enough to put it in the DMZ of the router.
 
DOS attacks are a monetary drain at best. Bad peeps want data that they can sell nowadays...
 
So it is an exploit that grief Windows users? I am not saying they shouldn't patch it, but I don't think they need to be in a hurry either since hackers will not get much out of it. They can take their time and make sure they patch it properly.
 
I remember a similar bug back in the Windows 98 days.
Had a sales person who kept playing music CD's on his computer, annoying everyone around him.
Since management wouldn't do anything about it (guess he met his sales numbers), I started sending the ping of death to his computer every time he started to play a CD, blue screening his computer. :whistle:

Took him a few weeks, but he finally decided not to play the CD's any more. :D
 
I was going to say how many people have their windows 10 box on the net and not behind a router? Unless someone is stupid enough to put it in the DMZ of the router.

But Windows 10 is supposed to be "the most secure and safest Windows evar".

The reality, and the irony, is that Windows 7 is safer because it's not constantly changing, has been around a long time and exploits have already been found and patched. Windows 10 meanwhile opens new attack vectors every time windows update rewards users with more forced bloatware.
 
The reality, and the irony, is that Windows 7 is safer because it's not constantly changing, has been around a long time and exploits have already been found and patched. Windows 10 meanwhile opens new attack vectors every time windows update rewards users with more forced bloatware.

THIS, a bazillion fucking times over THIS is why Windows 10 is going to - and has been since day one - be nothing but trouble. While it may not get exploits that truly affect huge massive numbers of users in droves, the fact that it's basically a rolling release now is just too problematic.

That's not to say that tomorrow some massive Windows 7 security exploit is discovered, mind you, but the stability of the older far more established product is in itself a secure aspect that can't be denied.
 
Something tells me this is old news from a long time ago. I have heard this one before but I cannot remember from where. Anyone know what I am talking about?
 
But Windows 10 is supposed to be "the most secure and safest Windows evar".

The reality, and the irony, is that Windows 7 is safer because it's not constantly changing, has been around a long time and exploits have already been found and patched. Windows 10 meanwhile opens new attack vectors every time windows update rewards users with more forced bloatware.

Dude, I am sure you have a clue and you just enjoy be sarcastic. Yes, it is the most secure and safest Windows ever, so far. However, that does not mean that it is 100% without issue no more and no less than any Linux box is. If you are really going to cry about security, I would think you would lock down and harden your OS no matter what you are using. However, I am sure that start menu replacement you are using is 100% secure, right? LOL :dummy::hungover::eek::joyful::grumpy::dead::shifty:
 
Secure and being filled with vulnerabilities might be two different things to some people. I roll my eyes whenever I hear anything OS or application is the most secure ever. Everything is going to have bugs and vulnerabilities and given the amount of code it takes for an OS it'll never stop being an issue. I do find it funny that the newer OS's seem to have more or just as many flaws as the old ones.
 
But not as dangerous as having 2/3 of my games no longer work.

I take it you're referring to the fact that I switched to Linux?

Well, since you brought it up I have to say, it's been a really good experience. I hadn't tried Linux on the desktop in some time when I loaded up Mint back in October. I was blown away. All my hardware 'just works,' even things that had been troublesome in the past like Creative sound cards. All my favorite games and about 1/3 my whole steam library run natively on Linux, even more with Wine.

You can always keep one 7 install for Windows exclusives if you need it. Its much easier than trying to maintain a house full of 7 boxes these days. Windows update has been broken for ages.
 
Never understood why Microsoft didn't put smb3 on it's own protocol stack..
Either way Windows just crashes so what, happens after every feature update too
 
Back
Top