Microsoft has failed to release a fix for a serious Windows Server vulnerability, despite being warned 3 months ago.
The exploit has now been released on GitHub by the security researcher, resulting in US CERT warning server admins to block outbound SMB connections.
The vulnerability is a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system.
US CERT notes:
“Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure.
“By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys. We have confirmed the crash with fully-patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2.”
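A defender-side check for the condition the advisory describes, added here as an example and not part of the original article or the researcher's code: it parses an SMB2 message, identifies TREE_CONNECT responses, and flags any bytes that follow the 16-byte response structure, which a monitoring proxy or test harness could use to spot such responses before a client processes them. Header and structure layouts follow MS-SMB2; the sample message is constructed for the check.

```python
import struct

SMB2_HEADER_LEN = 64
SMB2_TREE_CONNECT = 0x0003
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001   # set on server -> client messages
TREE_CONNECT_RESPONSE_LEN = 16            # StructureSize of SMB2 TREE_CONNECT Response


def check_tree_connect_response(msg: bytes) -> dict:
    """Inspect one SMB2 message (NetBIOS 4-byte length prefix already stripped).

    Returns whether it is a TREE_CONNECT response and how many bytes follow the
    16-byte response structure. Compounded messages are bounded by NextCommand,
    so a following compounded response is not counted as trailing data.
    """
    if len(msg) < SMB2_HEADER_LEN or msg[:4] != b"\xfeSMB":
        return {"smb2": False, "tree_connect_response": False, "suspicious": False}
    # SMB2 header: ProtocolId(4) StructureSize(2) CreditCharge(2) Status(4)
    # Command(2) Credit(2) Flags(4) NextCommand(4) MessageId(8) Reserved(4)
    # TreeId(4) SessionId(8) Signature(16)
    command, = struct.unpack_from("<H", msg, 12)
    flags, next_command = struct.unpack_from("<II", msg, 16)
    if command != SMB2_TREE_CONNECT or not flags & SMB2_FLAGS_SERVER_TO_REDIR:
        return {"smb2": True, "tree_connect_response": False, "suspicious": False}
    end = next_command if 0 < next_command <= len(msg) else len(msg)
    body = msg[SMB2_HEADER_LEN:end]
    structure_size = struct.unpack_from("<H", body, 0)[0] if len(body) >= 2 else 0
    trailing = max(len(body) - TREE_CONNECT_RESPONSE_LEN, 0)
    return {
        "smb2": True,
        "tree_connect_response": True,
        "structure_size": structure_size,
        "trailing_bytes": trailing,
        "suspicious": trailing > 0 or structure_size != TREE_CONNECT_RESPONSE_LEN,
    }


def constructed_response(extra_bytes: int) -> bytes:
    """Constructed sample: a well-formed TREE_CONNECT response followed by
    extra_bytes of zero padding. Used only to exercise the check above."""
    header = b"\xfeSMB" + struct.pack(
        "<HHIHHIIQIIQ", 64, 0, 0, SMB2_TREE_CONNECT, 1,
        SMB2_FLAGS_SERVER_TO_REDIR, 0, 1, 0, 1, 1) + b"\x00" * 16
    body = struct.pack("<HBBIII", 16, 1, 0, 0, 0, 0x001F01FF)  # disk share, full access
    return header + body + b"\x00" * extra_bytes
```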
Security researcher Laurent Gaffie released the proof-of-concept exploit, dubbed Win10.py, on GitHub five days ago, and Microsoft has not yet responded.
In the absence of a response, US CERT recommends that admins block outbound SMB connections – TCP ports 139 and 445 along with UDP ports 137 and 138 – from the local network to the wide area network.