SMB, or Server Message Block, is a protocol that provides access (i.e. to read or write) to files and to various services such as printers and serial ports. It is widely used in Windows operating systems, where it is also known as “Microsoft Windows Network”. The protocol can also be used to access a remote server.
Recently, a severe security flaw was found in Windows SMB. Attackers can exploit this vulnerability in several ways, such as remotely crashing a system or causing a denial of service, to name a few.
Source: Wikipedia
According to US CERT, the vulnerability is “a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system”.
It continues:
“By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys. We have confirmed the crash with fully-patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2.”
They also recommend blocking outbound SMB connections from the local network to the WAN. Such as for
Fortunately, there has been no news of successful exploitation of this vulnerability. However, an exploit that can (theoretically) take advantage of it has been released on GitHub.
Ironically, Microsoft has yet to release a patch for this vulnerability. Its regular monthly patch day, the 2nd Tuesday of every month, is coming up, which makes the upcoming 14th February the next one. Microsoft is widely expected to release a patch for this vulnerability on that day.
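Until a patch is installed, the US CERT recommendation above to block outbound SMB from the local network to the WAN can be checked against firewall or flow logs. The script below is an added example, not code from the original post or from US CERT; the port list (TCP 139/445, UDP 137/138), the RFC 1918 definition of "local network", the five-field log format and the function names are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumption: the usual SMB / NetBIOS ports (the post does not list them).
SMB_PORTS = {("tcp", 445), ("tcp", 139), ("udp", 137), ("udp", 138)}

# Assumption: the local network uses RFC 1918 private address space.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: "proto src dst dport action"
SAMPLE_FLOWS = """\
tcp 192.168.1.20 192.168.1.5 445 ALLOW
tcp 192.168.1.20 203.0.113.7 445 ALLOW
tcp 10.0.4.9 198.51.100.23 139 DENY
udp 10.0.4.9 203.0.113.7 137 ALLOW
tcp 192.168.1.33 203.0.113.7 443 ALLOW
garbage line
"""

def is_internal(addr):
    """True if addr is inside one of the configured local networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def outbound_smb(log_text):
    """Return (allowed, blocked) lists of LAN-to-WAN SMB flows."""
    allowed, blocked = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        proto, src, dst, dport, action = parts
        try:
            key = (proto.lower(), int(dport))
            lan_to_wan = is_internal(src) and not is_internal(dst)
        except ValueError:
            continue  # unparsable port or address
        if key in SMB_PORTS and lan_to_wan:
            target = allowed if action.upper() == "ALLOW" else blocked
            target.append((src, dst, key))
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = outbound_smb(SAMPLE_FLOWS)
    for src, dst, (proto, port) in allowed:
        print(f"NOT BLOCKED: {src} -> {dst} {proto}/{port}")
    print(f"{len(blocked)} outbound SMB flow(s) already denied")
```

Any flow reported as not blocked is a client that could still reach an SMB server outside the local network, which is the situation the egress block is meant to prevent.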
Have a good day.
And oh, don’t forget to install updates on 14th February.