Feeds

Post-Vista Windows flaw creates Blue Screen risk

BSOD it

Beginner's guide to SSL certificates

Miscreants have created an exploit capable of crashing Windows boxes and triggering the infamous Blue Screen of Death.

The attack relies on exploiting an unpatched vulnerability in Microsoft's implementation of SMB2 (Server Message Block), a network protocol involved in the sharing of files and printers on a network.

Windows 2000/XP are not affected by the exploit, but newer flavours of Windows 7, Vista and Server 2008 are all at risk. Proof-of-concept code demonstrating the vulnerability was published on Monday.

Attacks based on he flaw could cause all sorts of trouble in corporate environments, in particular. Fortunately, basic firewall defences are enough to dampen the threat, according to a preliminary assessment of the problem by security researchers at the Internet Storm Centre (ISC).

"The exploit needs no authentication, only file sharing enabled with one packet to create a BSOD [Blue Screen of Death]," ISC researchers warn. "We recommend filtering access to port TCP 445 with a firewall."

Five Windows specific critical patches are due out later on Tuesday. It's rather unlikely that any will plug the new BSOD vuln. Past form indicates that the release was timed to outflank Microsoft's security gnomes and provide for the maximum exploit period. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.