Security experts warn that it may be possible to exploit a vulnerability in a protocol widely used to connect Windows clients and servers to inject and execute malicious code on Windows computers.
Computers running fully patched Windows 10, 8.1, Server 2012, or Server 2016 that try to connect to a malicious or compromised server crash with a Blue Screen in the SMB client driver mrxsmb20.sys, according to a post today by Günter Born on his blog.
The bug is a buffer overflow in Microsoft's SMBv3 client code, triggered by a malformed response from the server the client connects to. SMBv3 is the current version of the Server Message Block protocol that Windows uses to connect clients and servers for file and printer sharing.
Proof-of-concept code for the vulnerability was released on GitHub yesterday by . There has been no response from Microsoft as yet.
raises the possibility that new exploit code for the vulnerability may be able to inject and execute malicious code on Windows computers.
Johannes Ullrich at the SANS Internet Storm Center is less certain, concluding "it isn't clear if this is exploitable beyond a denial of service."
The CERT/CC vulnerability note says: "The CERT/CC is currently unaware of a practical solution to this problem… Consider blocking outbound SMB connections (TCP ports 139 and 445 along with UDP ports 137 and 138) from the local network to the WAN."
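CERT/CC's advice is aimed at the network perimeter, but the same block can be enforced on each Windows host with the built-in firewall. The script below is an added example, written for this page; it is not code from the article, from CERT/CC, or from the proof-of-concept author. It assumes an elevated PowerShell session on Windows 8.1/10 or Server 2012/2016 (the NetSecurity cmdlets), and the rule names and the $RemoteScope value are my own choices.

```powershell
# Added example, not from the article or the CERT/CC note: block outbound
# SMB (TCP 139/445) and NetBIOS (UDP 137/138) from this host, then verify.
# Run from an elevated PowerShell session.

# Assumption: 'Any' blocks SMB to every remote address, which also breaks
# access to legitimate file servers on the LAN. Narrow this to specific
# address ranges (e.g. '203.0.113.0/24') if only some destinations are untrusted;
# the firewall cmdlets take no address exclusions, so a perimeter rule is
# the cleaner way to implement "local network to WAN" exactly as CERT/CC words it.
$RemoteScope = 'Any'

$rules = @(
    @{ Name = 'Block outbound SMB (TCP 139,445)';     Proto = 'TCP'; Ports = @(139, 445) },
    @{ Name = 'Block outbound NetBIOS (UDP 137,138)'; Proto = 'UDP'; Ports = @(137, 138) }
)

# 1. Show what the block will interrupt: SMB sessions this host holds right now.
Get-NetTCPConnection -RemotePort 445 -State Established -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, RemoteAddress, OwningProcess

# 2. Create the block rules. Idempotent: rules that already exist are left alone.
foreach ($r in $rules) {
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $($r.Name)"
        continue
    }
    New-NetFirewallRule -DisplayName $r.Name -Direction Outbound -Action Block `
        -Enabled True -Profile Any -Protocol $r.Proto -RemotePort $r.Ports `
        -RemoteAddress $RemoteScope | Out-Null
    Write-Host "Created: $($r.Name)"
}

# 3. Verify: read each rule back together with its port filter.
foreach ($r in $rules) {
    $rule = Get-NetFirewallRule -DisplayName $r.Name
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule     = $rule.DisplayName
        Enabled  = $rule.Enabled
        Action   = $rule.Action
        Protocol = $port.Protocol
        Ports    = ($port.RemotePort -join ',')
    }
}
```

The connection listing in step 1 is the check a practitioner wants before applying the block: every established session to port 445 it shows (domain controllers, file servers, printers) will stop working on this host once the rules are active. To back the change out, run Remove-NetFirewallRule -DisplayName with the two rule names above.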
Even more troubling, US-CERT gives this vulnerability a “Base” score of 10, their .