Remote Denial Of Service Zero-Day Code Gets Public Release
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.
Summary
Threat details
Exploitation is assessed as likely due to public disclosure and release of the proof-of-concept code. With no patch available, there is a risk that a remote denial of service attack could be performed.
Server Message Block (SMB) is an application-layer network protocol commonly used on Microsoft Windows-based networks to enable file and printer sharing. Many corporate environments rely on the capabilities it offers, such as shared folders, for day-to-day work. The vulnerability is a buffer overflow in the implementation of the SMB protocol within the Windows operating system. The result is believed to be limited to a denial of service, whereby a targeted machine experiences what is commonly known as the blue screen of death: the system immediately halts with an error displayed and a forced restart is performed.
To launch an attack using this vulnerability, an actor would first need to convince the client to visit a malicious SMB server. There are a number of methods to achieve this. For example, a local attacker could listen for Link-Local Multicast Name Resolution or NetBIOS Name Service broadcasts, respond to them and direct the machine to the server. Where the actor is in a remote location, Universal Naming Convention (UNC) links can be used: the link is sent to the user along with a form of social engineering that persuades the victim to click it, leading to a successful exploit. There are various other methods that actors regularly employ to direct users to servers such as these, with many requiring very little user interaction.
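Because the attack path above depends on a client opening an SMB session to a server the actor controls, one defensive check is to review connection logs for SMB sessions (TCP 139 and 445) to unexpected destinations. The following is an added example, not part of the original alert; the log format, internal address range, approved-server list and sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and direct-hosted SMB over TCP

# Assumptions for this example: the site's address range and approved file servers.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_SMB_SERVERS = {ipaddress.ip_address("10.0.5.10")}

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = """\
time,src,dst,proto,dport
2020-02-17T09:00:01,10.0.1.23,10.0.5.10,tcp,445
2020-02-17T09:00:07,10.0.1.23,203.0.113.50,tcp,445
2020-02-17T09:01:12,10.0.1.40,10.0.1.99,tcp,445
2020-02-17T09:01:30,10.0.1.40,198.51.100.7,tcp,443
2020-02-17T09:02:02,10.0.1.77,203.0.113.50,tcp,139
2020-02-17T09:02:45,not-an-ip,10.0.5.10,tcp,445
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def classify(row):
    """Return a finding label for one flow record, or None if nothing to report."""
    try:
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        dport = int(row["dport"])
    except (KeyError, TypeError, ValueError):
        return "unparseable"  # surface bad records instead of silently dropping them
    if (row.get("proto") or "").lower() != "tcp" or dport not in SMB_PORTS:
        return None
    if not is_internal(src):
        return None  # only sessions initiated by our own clients are of interest
    if not is_internal(dst):
        return "smb-to-external"  # matches the remote UNC-link scenario
    if dst not in APPROVED_SMB_SERVERS:
        return "smb-to-unapproved-internal"  # matches the local rogue-server scenario
    return None

def find_suspect_smb(text):
    """Return (label, src, dst) tuples for every record that needs review."""
    rows = csv.DictReader(io.StringIO(text))
    return [(label, r.get("src"), r.get("dst")) for r in rows if (label := classify(r))]

if __name__ == "__main__":
    for finding in find_suspect_smb(SAMPLE_FLOWS):
        print(*finding)
```

Internal SMB to hosts outside the approved list can be legitimate, so that label marks sessions for review, not confirmed malicious traffic.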
Remediation steps
Last edited: 17 February 2020 11:38 am