Xeon3D
Full Disclosure: Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
* Release date: September 7th, 2009
* Discovered by: Laurent Gaffié
* Severity: Medium/High
II. BACKGROUND
Windows Vista and newer versions of Windows come with a new SMB version named SMB2. See:
http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0 for more details.
III. DESCRIPTION
SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to an SMB server, and it's used
to identify the SMB dialect that will be used for further communication.
IV. PROOF OF CONCEPT
...
V. BUSINESS IMPACT
An attacker can remotely crash, without any user interaction, any Vista/Windows 7 machine with SMB enabled.
Windows XP and 2k are NOT affected as they don't have this driver.
VI. SYSTEMS AFFECTED
Windows Vista/7 All (64b/32b|SP1/SP2 fully updated) and possibly Win Server 2008
as it uses the same SMB2.0 driver (not tested).
VII. SOLUTION
Vendor contacted, but no patch available for the moment. Close the SMB feature and ports until a patch is provided.
It looks like Microsoft wants to go back to the old days of Windows 95.
(I miss those days...)
I can already picture it: top-of-the-line systems, Windows 7 installed and boom... BSOD.
Source: Insecure.org
(Note: I did not post a direct link to the source because it contains a PoC; if a moderator sees fit, the article is easy to find.)
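
As an added illustration of the NEGOTIATE PROTOCOL REQUEST described in the advisory (not code from the advisory or from the original post): a strict parser for a well-formed SMB1 negotiate message that lists the dialects a client offers and reports whether SMB2 is among them. The function names and the sample message are constructed for this example, and the input is assumed to be the SMB message itself, without the 4-byte transport length prefix.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
HEADER_LEN = 32  # fixed size of the SMB1 header


def parse_negotiate_dialects(msg):
    """Return the dialect strings offered in an SMB1 NEGOTIATE request.

    Raises ValueError on anything that is not well formed, instead of
    trusting length fields taken from the wire.
    """
    if len(msg) < HEADER_LEN + 3:
        raise ValueError("too short for SMB1 header plus WordCount/ByteCount")
    if msg[:4] != SMB1_MAGIC:
        raise ValueError("not an SMB1 message")
    if msg[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not a NEGOTIATE request")
    if msg[HEADER_LEN] != 0:  # WordCount: the request carries no parameters
        raise ValueError("NEGOTIATE request must have WordCount 0")
    (byte_count,) = struct.unpack_from("<H", msg, HEADER_LEN + 1)
    data = msg[HEADER_LEN + 3:]
    if byte_count != len(data):
        raise ValueError("ByteCount does not match the data actually present")
    dialects, pos = [], 0
    while pos < len(data):
        if data[pos] != 0x02:  # BufferFormat marker before each dialect
            raise ValueError("bad dialect buffer format")
        end = data.find(b"\x00", pos + 1)
        if end == -1:
            raise ValueError("unterminated dialect string")
        dialects.append(data[pos + 1:end].decode("ascii", "replace"))
        pos = end + 1
    return dialects


def offers_smb2(dialects):
    """True if the client advertises an SMB2 dialect (e.g. 'SMB 2.002')."""
    return any(d.startswith("SMB 2.") for d in dialects)


def build_sample(dialects):
    """Constructed, well-formed sample request (not captured traffic)."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(HEADER_LEN - 5)
    return header + b"\x00" + struct.pack("<H", len(data)) + data


SAMPLE = build_sample(["NT LM 0.12", "SMB 2.002"])
```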