Windows 7, Vista exposed to *teardrop attack*

Posted on Wednesday, September 09, 2009 @ 19:55:41 CEST in Security
by Raven

Posted by Ryan Naraine @ 1:26 pm, September 8th, 2009
(Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.)

[ UPDATE: Microsoft has now confirmed this vulnerability and warns of code execution risk ]
Exploit code for a remote reboot flaw in Microsoft's implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95. The demo code, published on the Full Disclosure mailing list, allows an attacker to remotely crash any Windows 7 or Windows Vista machine with SMB enabled. No user action is required.

From the advisory: SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to an SMB server, and it's used to identify the SMB dialect that will be used for further communication.

The researcher who discovered the issue said Windows 2000 and Windows XP are not affected because they do not have the vulnerable driver.

The exploit has been added to the Metasploit point-and-click attack tool. Metasploit's HD Moore believes the bug was introduced with Windows Vista SP1.

The folks at The H Online got the exploit to fire on Windows Vista but could not replicate the issue on Windows 7. In the absence of a patch from Microsoft, they suggest closing the SMB ports by un-ticking the boxes for file and printer access in the firewall settings.