Original URL: http://www.theregister.co.uk/2009/09/08/win_bsod_0day/
Post-Vista Windows flaw creates Blue Screen risk
Miscreants have created an exploit capable of crashing Windows boxes and triggering the infamous Blue Screen of Death.
The attack relies on exploiting an unpatched vulnerability in Microsoft's implementation of SMB2 (Server Message Block), a network protocol involved in the sharing of files and printers on a network.
Windows 2000/XP are not affected by the exploit, but newer flavours of Windows 7, Vista and Server 2008 are all at risk. Proof-of-concept code demonstrating the vulnerability was published on Monday.
Attacks based on he flaw could cause all sorts of trouble in corporate environments, in particular. Fortunately, basic firewall defences are enough to dampen the threat, according to a preliminary assessment of the problem by security researchers at the Internet Storm Centre (ISC).
"The exploit needs no authentication, only file sharing enabled with one packet to create a BSOD [Blue Screen of Death]," ISC researchers warn. "We recommend filtering access to port TCP 445 with a firewall."
Five Windows specific critical patches are due out later on Tuesday. It's rather unlikely that any will plug the new BSOD vuln. Past form indicates that the release was timed to outflank Microsoft's security gnomes and provide for the maximum exploit period. ®