Microsoft Windows 7 exploit
Microsoft has issued a security advisory to acknowledge a crippling denial-of-service flaw affecting its newest operating systems — Windows 7 and Windows Server 2008 R2.
Following the publication of Gaffié’s exploit, Microsoft swiftly released Security Advisory 977544 with pre-patch mitigation and a confirmation that the “detailed” code could provide a road map for hackers to cause Windows 7 and Windows Server 2008 R2 systems to stop responding until manually restarted.
Here’s the cause of the vulnerability:
The kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains a NetBIOS header with an incorrect length value.
The vulnerability can be exploited via the Web:
In a Web-based attack scenario, an attacker would have to host a Web page that contains a specially crafted URI. A user that browsed to that Web site will force an SMB connection to an SMB server controlled by the attacker, which would then send a malicious response back to the user. This response would cause the user’s system to stop responding until manually restarted. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes them to the attacker’s site.
In the absence of a patch, Microsoft recommends that affected users block TCP ports 139 and 445 at the firewall. Windows users should also block all SMB communications to and from the Internet to help prevent attacks.
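Alongside the port blocking, a network sensor can check for the condition named in the cause above. The following is an added example, not code from the original article or from Microsoft's advisory: it walks a reassembled SMB response stream and flags any frame whose NetBIOS length field disagrees with the data that follows. The function names, finding labels and sample frames are constructed for illustration, and the minimum sizes assumed are the 32-byte SMBv1 and 64-byte SMBv2 fixed headers.

```python
# Added example: names, labels and sample bytes are constructed for illustration.
SMB_MIN_HEADER = {b"\xffSMB": 32, b"\xfeSMB": 64}  # SMBv1 / SMBv2 fixed header sizes


def audit_smb_stream(data):
    """Walk a reassembled server-to-client byte stream (TCP 139/445).

    Returns a list of (offset, finding); an empty list means every NetBIOS
    length field matched the SMB message that followed it.
    """
    findings = []
    off = 0
    while off < len(data):
        if len(data) - off < 8:
            findings.append((off, "truncated-header"))
            break
        msg_type = data[off]
        declared = int.from_bytes(data[off + 1:off + 4], "big")
        magic = data[off + 4:off + 8]
        # Only session messages (type 0x00) carrying SMB are handled here; a
        # hit can also mean the previous frame's length was wrong (desync).
        if msg_type != 0x00 or magic not in SMB_MIN_HEADER:
            findings.append((off, "not-smb-or-desync"))
            break
        if declared < SMB_MIN_HEADER[magic]:
            findings.append((off, "length-below-smb-header"))
            break
        if declared > len(data) - off - 4:
            findings.append((off, "length-exceeds-data"))
            break
        off += 4 + declared  # advance to the next framed message
    return findings


def make_frame(magic, body_len, declared):
    """Build a constructed test frame: NetBIOS header + zero-filled SMB body."""
    return b"\x00" + declared.to_bytes(3, "big") + magic + bytes(body_len - 4)


if __name__ == "__main__":
    good = make_frame(b"\xfeSMB", 64, 64) + make_frame(b"\xffSMB", 40, 40)
    short = make_frame(b"\xfeSMB", 64, 4)
    long_ = make_frame(b"\xffSMB", 32, 4096)
    for name, buf in (("good", good), ("short", short), ("long", long_)):
        print(name, audit_smb_stream(buf))
```

Feed it only streams that have finished transferring, since a capture cut off mid-message will also report `length-exceeds-data`.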