New Windows zero-day surfaces as researcher releases attack code

SMB bug could be exploited on Windows XP, Server 2003 to hijack machines, say experts

A security researcher yesterday disclosed a new unpatched bug in Windows that some experts believe could be used to remotely hijack a PC.

Microsoft said it is investigating the flaw, but provided no information on any analysis it's conducted thus far.

"Microsoft is investigating public claims of a possible vulnerability in Windows SMB [Server Message Block]," said Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), in an e-mail Tuesday. "Once we're done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves."

The researcher, identified only as "Cupidon-3005," posted exploit code Monday for the vulnerability, which is reportedly in the "BowserWriteErrorLogEntry()" function within the "mrxsmb.sys" driver. The driver processes requests to the Server Message Block protocol that Windows uses for network communication.

SMB is mainly used to provide file- and printer-sharing to Windows machines.

According to French security company Vupen, which rated the bug as "critical," a successful exploit could "cause a denial of service or take complete control of a vulnerable system." The former would crash Windows and produce the notorious "Blue Screen of Death" that illustrates a serious collapse of the operating system.

Danish vulnerability tracker Secunia, which ranked the flaw as "moderately critical" -- the middle threat level in its five-step system -- also said that hackers could exploit the bug to compromise a PC.

"Successful exploitation may allow execution of arbitrary code," warned Secunia.

Secunia added that a buffer overflow could be triggered by sending a too-long Server Name string in a malformed Browser Election Request packet. In this context, "browser" does not mean a Web browser, but describes other Windows components which access the OS' browser service.

Vupen confirmed that Windows XP Service Pack 3 (SP3) and Windows Server 2003 SP2 are vulnerable to attack, while Secunia reported that other versions of Windows may also be affected.

Cupidon-3005 taunted Microsoft in a message posted to the Full Disclosure security mailing list. "Apologies if this puts a downer on the MSRC valentines day sausage fest," the message read.

Microsoft's next regularly-scheduled Patch Tuesday is March 8, but if the company keeps to its usual timeline, it's unlikely to issue a fix by then unless a large number of in-the-wild attacks exploiting the vulnerability appear in the next three weeks.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoftoperating systemssoftwareWindows

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Father’s Day Gift Guide

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?