Microsoft confirms 'detailed' Windows 7 exploit
Microsoft has issued a security advisory to acknowledge a crippling denial-of-service flaw affecting its newest operating systems — Windows 7 and Windows Server 2008 R2.
Exploit code for the vulnerability was released by researcher Laurent Gaffié after failed attempts to get Microsoft’s security response center to acknowledge that this was an issue that needs to be patched.
Following the publication of Gaffié’s exploit, Microsoft swiftly released Security Advisory 977544 with pre-patch mitigations and a confirmation that the “detailed” code could provide a roadmap for hackers to cause Windows 7 and Windows Server 2008 R2 systems to stop responding until manually restarted.
Here’s an explanation of the cause of the vulnerability:
The kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains a NetBIOS header with an incorrect length value.
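For defenders inspecting captured traffic, the following added example (not code from the advisory or from the researcher) walks a reassembled server-to-client SMB stream and flags frames whose NetBIOS header length disagrees with the bytes that follow. It assumes direct-TCP framing on port 445 (a zero byte followed by a 24-bit big-endian length); `frame` and `check_stream` are hypothetical names, and the sample bytes are constructed placeholders, not real SMB responses.

```python
SMB_MAGICS = (b"\xffSMB", b"\xfeSMB")  # SMBv1 / SMBv2 protocol identifiers


def frame(payload, declared=None):
    """Build a NetBIOS session frame (constructed test data only)."""
    n = len(payload) if declared is None else declared
    return b"\x00" + n.to_bytes(3, "big") + payload


def check_stream(stream):
    """Return (offset, declared_length, problem) for the first bad frame."""
    findings = []
    off = 0
    while off < len(stream):
        header = stream[off:off + 4]
        if len(header) < 4:
            findings.append((off, None, "truncated header"))
            break
        declared = int.from_bytes(header[1:], "big")
        body = stream[off + 4:off + 4 + declared]
        if len(body) < declared:
            # Header promises more bytes than the peer ever sent.
            findings.append((off, declared, "length overruns stream"))
            break
        if header[0] != 0 or body[:4] not in SMB_MAGICS:
            # We did not land on a frame boundary, so the previous
            # frame's declared length was wrong (or this is not SMB).
            findings.append((off, declared, "misaligned frame"))
            break
        off += 4 + declared  # always advances by at least 4 bytes
    return findings


# Constructed sample: SMB2 magic followed by zero padding.
PAYLOAD = b"\xfeSMB" + b"\x00" * 60
GOOD = frame(PAYLOAD) + frame(PAYLOAD)
OVERRUN = frame(PAYLOAD, declared=len(PAYLOAD) + 4)
SHORT = frame(PAYLOAD, declared=len(PAYLOAD) - 4) + frame(PAYLOAD)

if __name__ == "__main__":
    for name, data in (("good", GOOD), ("overrun", OVERRUN), ("short", SHORT)):
        print(name, check_stream(data))
```

An "overruns stream" result is only meaningful once the connection has closed or gone idle, since a capture taken mid-transfer can legitimately end inside a frame.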
The vulnerability can be exploited via the Web:
In a Web-based attack scenario, an attacker would have to host a Web page that contains a specially crafted URI. A user that browsed to that Web site will force an SMB connection to an SMB server controlled by the attacker, which would then send a malicious response back to the user. This response would cause the user’s system to stop responding until manually restarted. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes them to the attacker’s site.
In the absence of a patch, Microsoft recommends that affected users block TCP ports 139 and 445 at the firewall. Windows users should also block all SMB communications to and from the Internet to help prevent attacks.
UPDATE: Gaffié wrote in to clarify that his decision to release this exploit was related to Microsoft’s stance on a different vulnerability, which is also unpatched.