Windows 10 zero-day exploit can crash your system

Posted on Saturday, February 04 2017 @ 11:31 CET by Thomas De Maesschalck

There is a zero-day exploit for Windows 8.1 and Windows 10 that can be used to crash a fully patched system. This attack exploits a vulnerability in Windows's SMB network file sharing protocol, which is used to share files and printers over a network and to handle authentication to those shared resources.

ComputerWorld provides some details about how the attack works but it looks like it's a fairly tame security risk. At the moment, there appears to be no evidence that it can be used for anything else than serving you a Blue Screen of Death (BSOD).

An attacker can exploit the vulnerability by tricking a Windows system to connect to a malicious SMB server which would then send specially crafted responses. There are a number of techniques to force such SMB connections and some require little or no user interaction, CERT/CC warned.

The good news is that there are no confirmed reports of successful arbitrary code execution through this vulnerability yet. However, if this is a memory corruption issue as described by CERT/CC, code execution might be a possibility.

It's unknown when Microsoft will patch this flaw.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!