Windows 7: Exploit Causes BSoD
Well, I guess the timing couldn’t be more perfect: Microsoft released Windows 7 to partners a month ago and will release it to the public on October 22, and we already have a big exploit going around.
A report said that a vulnerability was found in the Server Message Block 2.0 protocol (SMB2) that causes the one and only BSoD (Blue Screen of Death). It affects not only all Windows 7 versions (32-bit and 64-bit included) but also Windows Vista and Windows Server 2008, since all of these operating systems use the same protocol.
Picture taken from a Nine Inch Nails Concert
On the good side, since the protocol is commonly used only on LANs, the attacker would have to be in the same network segment as you. The funny thing is that this same exploit appeared in Windows 2000 and Windows XP, and Microsoft of course released an update to close that security hole.
Even though Microsoft has been informed about this issue, there is no patch available to fix it. Here’s a quick description of the exploit:
“SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to an SMB server, and it’s used to identify the SMB dialect that will be used for further communication.
An attacker can remotely crash, without any user interaction, any Vista/Windows 7 machine with SMB enabled. Windows XP, 2k, are NOT affected as they don’t have this driver.”
And how can I disable SMB? Access the TCP/IP properties from your network adapter and uncheck the “File and Printer Sharing for Microsoft Networks”.
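The NEGOTIATE PROTOCOL REQUEST described in the quote above, shown as an added example that is not part of the original post or the quoted advisory: a strict Python parser that length-checks a request before reading its dialect list, run on a constructed, well-formed sample. The names parse_negotiate, build_sample and MalformedNegotiate are hypothetical, and because the page does not say which header field is involved, the sample leaves every optional header field at zero.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72   # command code of NEGOTIATE PROTOCOL REQUEST
SMB1_HEADER_LEN = 32       # fixed SMB1 header size in bytes


class MalformedNegotiate(ValueError):
    """Raised when a frame fails a structural check (hypothetical name)."""


def parse_negotiate(frame: bytes) -> list:
    """Return the dialect strings offered in an SMB1 NEGOTIATE request."""
    if len(frame) < 4 + SMB1_HEADER_LEN + 3:
        raise MalformedNegotiate("frame shorter than the fixed headers")
    # Session header on direct TCP: type byte 0x00, then a 24-bit length.
    if frame[0] != 0:
        raise MalformedNegotiate("not a session message")
    if int.from_bytes(frame[1:4], "big") != len(frame) - 4:
        raise MalformedNegotiate("session length disagrees with frame size")
    smb = frame[4:]
    if smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        raise MalformedNegotiate("not an SMB1 NEGOTIATE request")
    if smb[SMB1_HEADER_LEN] != 0:
        raise MalformedNegotiate("request must carry no parameter words")
    (byte_count,) = struct.unpack_from("<H", smb, SMB1_HEADER_LEN + 1)
    data = smb[SMB1_HEADER_LEN + 3:]
    if byte_count != len(data):
        raise MalformedNegotiate("byte count disagrees with remaining data")
    dialects = []
    while data:
        # Each entry is a 0x02 marker followed by a NUL-terminated name.
        end = data.find(b"\x00")
        if data[0] != 0x02 or end < 0:
            raise MalformedNegotiate("bad dialect entry")
        dialects.append(data[1:end].decode("ascii", "replace"))
        data = data[end + 1:]
    return dialects


def build_sample(dialects: list) -> bytes:
    """Constructed, well-formed request; optional header fields are zero."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(SMB1_HEADER_LEN - 5)
    smb = header + b"\x00" + struct.pack("<H", len(body)) + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


SAMPLE = build_sample(["NT LM 0.12", "SMB 2.002"])  # constructed sample input
```

A client that lists "SMB 2.002" among its dialects is offering SMB2, so the parsed list shows whether a given request would reach the SMB2 code path at all.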









