SMB V2.1 DoS Vulnerability

Laurent Gaffie recently discovered a remote denial of service vulnerability in SMB v2.1, which is used in Windows 7 and Microsoft Server 2008 R2. The vulnerability can be exploited to leave a system unresponsive; the only recovery known so far is to power down the machine by removing the power. So far, arbitrary code execution has not been achieved with this vulnerability.

The exploit can be hosted from a Linux machine returning responses with flawed NetBIOS headers. The target's communication with the machine does not have to be manually initiated; the most likely method of exploiting this vulnerability will be via a webpage containing a link back to the Linux machine. Realistically, nobody should be surfing the internet from a server, so I would expect this to be mainly targeted at Windows 7 machines.

Microsoft has confirmed the vulnerability but has yet to release a patch. Because the vulnerability is specific to SMB V2.1, only Windows 7 and Microsoft Server 2008 R2 are vulnerable.

Let’s hope MS patch this before code execution is achieved.

For more information see:

Laurent Gaffie’s advisory

SANS Diary entry

Heise Security blog post
