AfterDawn: Tech news

Windows flaw spells BSOD risk to newer operating systems

Written by James Delahunty @ 08 Sep 2009 23:20

Proof-of-concept code has been published that takes advantage of an unpatched vulnerability in Microsoft's implementation of Server Message Block (SMB), a protocol used for File and Printer sharing over a network. Microsoft's Windows Vista, Windows Server 2008 and Windows 7 are all currently affected by the unpatched vulnerability, while Windows 2000 and Windows XP are not affected by it at all.

The proof-of-concept exploit uses the flaw to force a Windows machine into the infamous Blue Screen of Death (BSOD). According to security researchers at the Internet Storm Center (ISC), the problem is defeated by using basic firewall protection. "The exploit needs no authentication, only file sharing enabled with one packet to create a BSOD," ISC researchers warn. "We recommend filtering access to port TCP 445 with a firewall."

Microsoft issued a number of security updates during the day to address some serious vulnerabilities in the Windows operating systems. The SRV2.SYS (SMB) file vulnerability that can cause a BSOD was not included, likely due to the timing of the exploit code's release, but Microsoft did reveal that it is investigating the issue.


4 user comments

1. 9.9.2009 0:40

Quote:
the problem is defeated by using basic firewall protection
And those that do not use a firewall either in the OS or by some piece of hardware like a router with a firewall are idiots. Once again make a big deal about a vulnerability that will only affect those that have no regard for security. The headline should read "Your house could be robbed easier if you leave your front door wide open".

2. 9.9.2009 4:52

"We recommend filtering access to port TCP 445 with a firewall."

Duh...port 445 is one of the NetBIOS ports...and all of these ports should always be disabled (many ISPs block these ports by default). These should ALWAYS be disabled.

It seems that most Windows vulnerabilities come from things that Microsoft includes as enabled by default...yet Microsoft also recommends disabling these same services.

When I can, I manually set the IP address, then disable DHCP and DNS services. That way, I can disable all internet access for SVCHOST.

3. 9.9.2009 12:42

It's only effective from LAN, so yeah, unless he is on your network it's not as big a problem as they make it sound by excluding that info.

4. 21.9.2009 7:03

Blocking with firewall doesn't work for me :(

I only have the 1 PC so I have all the media files setting turned off and have Comodo firewall blocking.

It worked fine the first week after I saw this post but then I just started to get the BSOD again every 24 hours or so and that's REALLYYY annoying when my PC is on 24/7...

Hope an update comes soon 'cause I'm on XP now and I really wanna go back to Vista... (HATE XP)

This message has been edited since its posting. Latest edit was made on 21 Sep 2009 @ 7:04
