February 5, 2017

 

United States Computer Emergency Readiness Team (US-CERT) has discovered a zero-day vulnerability in the SMB service of Microsoft Windows which lets attackers carry out Denial of Service attacks and crash the entire system leading to Blue Screen of Death (BSOD).

 

CERT’s advisory specifies that “by connecting to a malicious SMB server (Server Message Block), a vulnerable Windows client system may crash BSOD in mrxsmb20.sys.”

 

Furthermore, using this vulnerability, an attacker can launch all sorts of attacks such as executing arbitrary code. This vulnerability makes Windows 8.1 and Windows 10 exposed to exploitation and may also affect the Windows Server systems.

 

The advisory also states that Microsoft Windows has failed to handle traffic coming from a malicious or infected server properly and also it cannot handle server response that contains too many bytes “following the structure defined in the SMB2 TREE_CONNECT Response structure.”

 

The CERT team also reproduced the attack method by conducting a denial of service attack onto computers running patched versions of Windows 8.1 and Windows 10. However, the team could not successfully run arbitrary code.

https://t.co/xAsDOY54yl

 

 

The problem may worsen now since the exploit code that may let attackers take advantage of this zero-day vulnerability is already available online and therefore, a patch for the flaw is required badly. Until then, US-CERT cannot provide a solution to keep the users safe. It, however, has provided a temporary fix in the form of blocking outbound SMB connections on the local network.

Share

April 20, 2015

What is a 0 day exploit? It’s basically an exploit to break into an IT system like any other exploit. The important difference is that those 0 day exploits have not yet been discovered by the vendors (like Microsoft, Apple) or they are know but no patches to fix the flaws are yet available.

For a long time there has been an underground market where security researchers sell exploit to cash rich individuals and governments. Even on the clear web there are numerous companies offering those services. Recently a new 0 day exploit platform has emerged on the Dark Web. Security Analysts however are not in the clear yet on whether it’s genuine exploits being sold there or whether it’s a scam rip off.

The only way to find this out really, would be to buy an exploit. Serious vulnerability zero day exploits are usually traded for sums in the hundreds of thousands, so it’s surprising that an exploit for iTunes is offered a lot cheaper. It may be a scam, but who knows!

http://thehackernews.com/2015/04/underground-exploit-market.html

Share