New SMB Bug Found in All Versions of Windows

Researchers have identified a new remotely exploitable vulnerability in all current versions of Windows that could be used by attackers to run arbitrary code on vulnerable machines. There is already a proof-of-concept exploit in circulation for the bug.

Windows bugResearchers have identified a new remotely exploitable vulnerability in all current versions of Windows that could be used by attackers to run arbitrary code on vulnerable machines. There is already a proof-of-concept exploit in circulation for the bug.

The new bug lies in the BROWSER protocol, which runs on top of the SMB (Server Message Block) protocol on Windows. Microsoft security officials said that the vulnerability is most likely to be found on servers and may be difficult to exploit for remote code execution.

“This vulnerability affects Windows machines that have been configured to
(A) use the BROWSER network protocol and (B) that then become Master
Browser on the local network. The BROWSER protocol uses an election
process to determine which system will act as the “master” in terms of
data collection and response handling,” Mark Wodrich of the Microsoft Security Response Center said in a blog post on the vulnerability.

“RCE may also be possible if the corrupted memory is used by a thread
running on another processor before the RtlCopyMemory triggers a
bugcheck, and in a way that can be used to change code execution. (For
instance, by corrupting a function pointer and having it be used by
another thread). We feel that triggering any such timing condition
reliably will be very difficult.”

Microsoft said that enterprises can limit the exploitability of the SMB flaw by blocking the BROWSER protocol at the network edge.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.

Discussion

  • Anonymous on

    The new bug lies in the BROWSER protocol, which runs on top of the SMB (Server Message Block) protocol on Windows  officials and industry leaders.mostly in China and the U.S., but Cheap Air Max also in Hong Kong and Singapore as well. The  Air Max 2011 victims include the gaming sites and online stores Air Max Tailwind common targets of DDOS attacks, which are used to knock the sites offline and extract protection payments from site operators.Air Max 24-7 But JKDDOS is also targeting large investment firms,

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.