Windows 7, Vista Zero-Day Brings BSoD

Security researcher Laurent Gaffie reports that a zero-day vulnerability affecting both Windows 7 and Vista could allow an attacker to invoke the dreaded Blue Screen of Death. Apparently there is a flaw in a Server Message Block 2 (SMB2) driver that's causing the critical system failure. Gaffie's blog, posted yesterday, says that the driver fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality. Windows Server 2008 may also be affected by the exploit.

"An attacker can remotely crash any Vista/Windows 7 machine with SMB enabled," the blog reads. Apparently, Windows XP and 2000 are not affected, as they do not have the SRV2.SYS driver. Gaffie provides a proof-of-concept sample and suggests that users close the SMB ports by un-ticking the boxes for file and printer sharing in the firewall settings until Microsoft releases a patch. Gaffie also contacted Microsoft, but no reply had been received as of this writing.

The H Security expands on the problem's definition, reporting that the driver crashes when the "Process Id High" field of the SMB header contains an ampersand. The attack is delivered over port 445 of the target system and does not require authentication. The H Security also said that an exploit written in Python is already available.
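As an added defensive example (not code from the article, Gaffie's proof of concept or Microsoft), the following Python check parses the SMB1 header of captured TCP/445 payloads and flags NEGOTIATE requests whose "Process Id High" field carries the ampersand byte the report names. The header layout follows the public SMB1 specification; the sample payloads are constructed bare headers with no dialect list and exist only to exercise the detector.

```python
import struct
from typing import Dict, List

# SMB1 header: 32 bytes, little-endian. Offsets: 0 protocol "\xffSMB", 4 command,
# 5 status, 9 flags, 10 flags2, 12 PIDHigh, 14 security features, 22 reserved,
# 24 TID, 26 PIDLow, 28 UID, 30 MID.
SMB_HEADER = struct.Struct("<4sBIBHH8sHHHHH")
SMB_COM_NEGOTIATE = 0x72
SMB_FLAGS_REPLY = 0x80   # set on server responses, clear on client requests
AMPERSAND = 0x26         # '&', the PIDHigh byte the H Security report describes

def parse_smb_header(payload: bytes) -> Dict[str, object]:
    """Decode the SMB1 header that follows the 4-byte NetBIOS session header."""
    if len(payload) < 4 + SMB_HEADER.size:
        raise ValueError("payload shorter than NetBIOS + SMB header")
    hdr = payload[4:4 + SMB_HEADER.size]
    proto, cmd, _status, flags, _flags2, pid_high, *_rest = SMB_HEADER.unpack(hdr)
    if proto != b"\xffSMB":
        raise ValueError("not an SMB1 header")
    return {"command": cmd, "is_request": not (flags & SMB_FLAGS_REPLY),
            "pid_high": pid_high, "pid_high_raw": hdr[12:14]}

def classify_negotiate(payload: bytes) -> str:
    """'ok', 'anomalous' (non-zero PIDHigh) or 'crash-pattern' (ampersand in PIDHigh)."""
    h = parse_smb_header(payload)
    if h["command"] != SMB_COM_NEGOTIATE or not h["is_request"]:
        return "ok"                 # only NEGOTIATE requests are in scope here
    if AMPERSAND in h["pid_high_raw"]:
        return "crash-pattern"
    if h["pid_high"] != 0:
        return "anomalous"          # well-behaved clients leave PIDHigh at zero
    return "ok"

def scan_port445_payloads(payloads: List[bytes]) -> List[str]:
    """Classify each captured TCP/445 payload; unparseable frames are reported, not dropped."""
    results = []
    for p in payloads:
        try:
            results.append(classify_negotiate(p))
        except ValueError as exc:
            results.append(f"unparseable: {exc}")
    return results

# Constructed fixtures (hypothetical captures): NetBIOS length prefix + bare SMB header.
def _sample(pid_high: bytes, command: int = SMB_COM_NEGOTIATE, flags: int = 0) -> bytes:
    smb = SMB_HEADER.pack(b"\xffSMB", command, 0, flags, 0,
                          struct.unpack("<H", pid_high)[0], b"\0" * 8, 0, 0, 0xFEFF, 0, 0)
    return struct.pack(">I", len(smb)) + smb

SAMPLES = [_sample(b"\x00\x00"), _sample(b"\x26\x00"), _sample(b"\x01\x00"),
           _sample(b"\x26\x00", flags=SMB_FLAGS_REPLY), b"\x00\x00\x00\x05hello"]
```

Running `scan_port445_payloads(SAMPLES)` yields `ok`, `crash-pattern`, `anomalous`, `ok` (a reply is out of scope) and an `unparseable` entry for the truncated frame.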

The site's German associate actually tested the exploit and succeeded in remotely rebooting a Windows Vista system. The test had no effect on the Windows 7 machine. According to ZDNet, security researcher (and Metasploit author) HD Moore suggested in a tweet that an SMB bug may have already been introduced in Vista SP1.

  • vladtepes
    BSODs are to Windows as the spinning beach ball of death is to Mac OSX
    13
  • jhansonxi
    The fact that it also affects Vista proves that Microsoft is serious about backwards compatibility. :D
    13
  • NightLight
    Someone should invent a BSOD vista gadget :p
    Mine would be stuck on "0"!
    0
  • theLaminator
    I'm still waiting to get a BSOD on my cell phone running Win Mobile; I'd quite possibly laugh my ass off, though I'd be quite pissed if I lost data.
    6