Windows flaw spells BSOD risk to newer operating systems

Proof-of-concept code has been published that takes advantage of an unpatched vulnerability in Microsoft's implementation of Server Message Block (SMB), the protocol used for File and Printer Sharing over a network. Microsoft's Windows Vista, Windows Server 2008 and Windows 7 are all currently affected by the unpatched vulnerability, while Windows 2000 and Windows XP are not affected by it at all.

The proof-of-concept exploit uses the flaw to force a Windows machine into the infamous Blue Screen of Death (BSOD). According to security researchers at the Internet Storm Center (ISC), the problem is defeated by using basic firewall protection. "The exploit needs no authentication, only file sharing enabled with one packet to create a BSOD," ISC researchers warn. "We recommend filtering access to port TCP 445 with a firewall."



Microsoft issued a number of security updates during the day to address some serious vulnerabilities in the Windows operating systems. The SRV2.SYS (SMB) file vulnerability that can cause a BSOD was not included, likely due to the timing of the exploit code's release, but Microsoft did reveal that it is investigating the issue.

Written by: James Delahunty @ 8 Sep 2009 23:20
  • 4 comments
  • bobiroc

    Quote: the problem is defeated by using basic firewall protection

    And those that do not use a firewall either in the OS or by some piece of hardware like a router with a firewall are idiots. Once again make a big deal about a vulnerability that will only affect those that have no regard for security. The headline should read "Your house could be robbed easier if you leave your front door wide open"

    9.9.2009 00:40 #1

  • KillerBug

    "We recommend filtering access to port TCP 445 with a firewall."

    Duh...port 445 is one of the NetBIOS ports...and all of these ports should always be disabled (many ISPs block these ports by default). These should ALWAYS be disabled.

    It seems that most Windows vulnerabilities come from things that Microsoft includes as enabled by default...yet Microsoft also recommends disabling these same services.

    When I can, I manually set the IP address, then disable DHCP and DNS services. That way, I can disable all internet access for SVCHOST.

    9.9.2009 04:52 #2

  • Hopium

    It's only effective from LAN so yeah unless he is on your network it's not as big a problem as they make it sound by excluding that info.

    9.9.2009 12:42 #3

  • DK1979

    Blocking with firewall doesn't work for me :(

    I only have the 1 PC so I have all the media files setting turned off
    and have Comodo firewall blocking.

    It worked fine the first week after I saw this post but then I just started to get the BSOD again every 24 hours or so and that's REALLYYY annoying when my PC is on 24/7...

    Hope an update comes soon cause I'm on XP now and I really wanna go back to Vista... (HATE XP)

    21.9.2009 07:03 #4

© 2024 AfterDawn Oy
