SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Trend Micro's lowdown on the bug that puts Windows systems at risk of DoS attacks
Tue, 7th Feb 2017
FYI, this story is more than a year old

Trend Micro has elaborated on US-CERT reporting that there is memory corruption bug that, when used by unauthorised parties, could cause a Denial of Service (DoS) on various Windows operating systems – and there's no solution available yet.

The bug DoS can then crash the operating systems, rendering the DoS attack. The zero-day bug was found in Server Message Block (SMB) traffic that affects Windows 10, Windows 8.1, Server 2016 and Server 2012, Trend Micro says.

The SMB protocol is a network file sharing mechanism used to provide shared access to files, printers, serial ports and other network connections.

A Twitter user posted a Proof of Concept code to show how the bug could lead to a DoS attack and how the bug also leaves an operating system open to remote arbitrary code execution.

“Upon discovery, the bug was initially graded with a severity level of 10 out of 10, which means that the vulnerability could easily be exploited even by untrained perpetrators. Not long after, this rating was lowered to a 7.8,” Trend Micro states.

Although attackers would have to use social engineering to prompt users to connect to a malicious SMB server. This is easily done, as victims only need to click on a malicious link and then connect to a remote SMB server. This would result in a crash, and the blue screen of Death Trend Micro continues.

While US-CERT says there's no current solution for the vulnerability, sysadmins should block outbound SMB connections from local networks to WAN. Microsoft has said it will be issuing a patch for this vulnerability in the Patch Tuesday updates, scheduled for February 14.

Trend Micro Deep Security shields networks through the Deep Packet Inspection (DPI) rule: 1008138-Microsoft Windows Stack Overflow Remote Code Execution Vulnerability.