A New Windows 10 Zero Day Exploit Allows Attackers to Cause a System Crash Released On GitHub

If your Windows 10 PC or laptop is crashing unexpectedly, somebody is using a Windows 10 zero-day against it. The exploit was released in the wild on GitHub, allowing anybody with technical knowledge to crash thousands of Windows 10 PCs and laptops with a BSOD.
The zero-day was discovered by a researcher who goes by PythonResponder on Twitter and who published proof-of-concept exploit code for it on GitHub on Wednesday.

How this Windows 10 zero-day works

The Windows 10 zero-day discovered by PythonResponder is a memory corruption bug in Windows' handling of SMB traffic, and it can be triggered by forcing a Windows system to connect to a malicious SMB share. To exploit it, an attacker has to trick a Windows 10 user into clicking a phishing link that connects the machine to that share. Considering how easy it is to socially engineer such links, the zero-day could turn out to be quite effective.
The severity of the bug has been noted by Carnegie Mellon's Vulnerability Notes Database, which has published a new alert for an exploit that allows a remote attacker to crash a Windows 10 machine.
The vulnerability has not yet been patched by Microsoft and affects Windows 7/8.1 and Windows 10. The researcher says he shared details of the flaw with Microsoft and claims that "they had a patch ready 3 months ago but decided to push it back." The patch is expected to be released next Tuesday.

Proof-of-concept

Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys. We have confirmed the crash with fully-patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2.
The PoC exploit has been tested by SANS ISC CTO Johannes Ullrich and works on a fully patched Windows 10. You can read his full report here.
While this particular Windows 10 zero-day requires the attacker to get the victim to open a malicious link, Windows 10's failure to handle SMB traffic correctly means that somebody could discover a way to exploit it without user interaction or a malicious link.
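As an added defender-side illustration (not code from this article or from the researcher's PoC), the check below parses one server-to-client SMB2 message carried over direct TCP and flags a TREE_CONNECT response that carries bytes beyond its fixed 16-byte body, which is the "too many bytes" condition the advisory describes. It assumes the public MS-SMB2 header layout (Command at offset 12, Flags at offset 16) and the 4-byte direct-TCP transport header; the sample frames and helper names are constructed here for testing.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64                      # fixed SMB2 header size
SMB2_TREE_CONNECT = 0x0003                # Command value for TREE_CONNECT
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001   # set on server-to-client messages
TREE_CONNECT_RESP_LEN = 16                # StructureSize of a TREE_CONNECT response

def check_smb2_message(frame: bytes) -> dict:
    """Parse one SMB2 message over direct TCP (port 445); flag a TREE_CONNECT
    response that carries bytes beyond its fixed 16-byte body."""
    if len(frame) < 4:
        raise ValueError("truncated transport header")
    # Direct-TCP transport header: one zero byte + 24-bit big-endian length.
    smb_len = int.from_bytes(frame[1:4], "big")
    smb = frame[4:4 + smb_len]
    if len(smb) != smb_len or smb_len < SMB2_HEADER_LEN:
        raise ValueError("transport length does not match payload")
    if smb[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")
    # SMB2 header: Command at offset 12, Flags at offset 16 (little-endian).
    command = struct.unpack_from("<H", smb, 12)[0]
    flags = struct.unpack_from("<I", smb, 16)[0]
    is_response = bool(flags & SMB2_FLAGS_SERVER_TO_REDIR)
    body = smb[SMB2_HEADER_LEN:]
    result = {"command": command, "response": is_response,
              "body_len": len(body), "oversized": False}
    if command == SMB2_TREE_CONNECT and is_response:
        result["structure_size"] = struct.unpack_from("<H", body, 0)[0] if len(body) >= 2 else 0
        # A conforming response is exactly 16 bytes; anything after that is
        # the "too many bytes" condition the advisory describes.
        result["oversized"] = len(body) > TREE_CONNECT_RESP_LEN
    return result

def build_sample_frame(command: int, flags: int, body: bytes) -> bytes:
    """Constructed test frame (not a real capture): SMB2 header + body inside
    a direct-TCP transport header. Signature left zeroed."""
    header = SMB2_MAGIC + struct.pack("<HHIHHIIQIIQ", SMB2_HEADER_LEN, 0, 0,
                                      command, 1, flags, 0, 0, 0, 0, 0) + b"\x00" * 16
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb

# Well-formed TREE_CONNECT response body: StructureSize=16, ShareType=1 (disk),
# Reserved, ShareFlags, Capabilities, MaximalAccess.
GOOD_BODY = struct.pack("<HBBIII", TREE_CONNECT_RESP_LEN, 1, 0, 0, 0, 0x001F01FF)
BENIGN = build_sample_frame(SMB2_TREE_CONNECT, SMB2_FLAGS_SERVER_TO_REDIR, GOOD_BODY)
# Same response with 64 bytes of trailing filler: what the check should flag.
OVERSIZED = build_sample_frame(SMB2_TREE_CONNECT, SMB2_FLAGS_SERVER_TO_REDIR,
                               GOOD_BODY + b"\x00" * 64)
```

Run the check over the server-to-client direction only; a TREE_CONNECT request from the client is not subject to this condition and is left unflagged.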

Mitigation

The only safe way for Windows 7/8.1 and Windows 10 PC/laptop owners to prevent this bug from being used against them is to avoid untrusted links. System administrators can prevent it from being exploited by blocking outbound SMB connections (TCP ports 139 and 445, UDP ports 137 and 138) from the local network to the WAN, as advised by CERT/CC. They should be aware that blocking these ports can also prevent users from accessing shared files, data, or devices.
Microsoft is believed to have accorded top priority to this Windows 10 zero-day and will release the patch this coming Tuesday.
