gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
75361 Posts in 13192 Topics by 2638 Members - Latest Member: Rossi September 23, 2017, 09:45:01 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Microsoft won't patch SMB flaw that only an idiot would expose
gfx
gfxgfx
 

Author Topic: Microsoft won't patch SMB flaw that only an idiot would expose  (Read 132 times)

0 Members and 1 Guest are viewing this topic.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
https://www.theregister.co.uk/2017/07/30/slow_loris_smbv1_attack/

Quote
Updated A Windows SMB vulnerability revealed late last week at DEF CON won't be patched because Microsoft says the service should be firewalled off from the internet anyway.

The 20-year-old Windows bug was discovered by RiskSense bods, who combed Redmond's file server code for flaws similar to the ones exploited by the NSA's leaked EternalBlue tool.

emphasis mine.... what lazy fucks they have at good ol microsoft....
......

Quote
The security weakness, dubbed SMBLoris, is a memory-handling bug: it can be exploited to force a vulnerable server on the internet or local network to allocate 128KiB of non-paged physical memory, which can't be swapped out, for every connection to the service. You do this by sending three bytes to the SMB service with the 17-bit NBSS length field set to the max. The kernel keeps the connection open for 30 seconds and then gives up. So for 30 seconds, 128KiB of memory is tied up for every connection attempted.

You then fire off a connection request for every TCP port possible – up to 65,535 – and thus potentially chew through up to 8GiB of non-paged RAM for half a minute. This will hamper the performance of the machine as the kernel is forced to scour the system for any free memory as more allocations arrive.

ROFL!!

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Microsoft won't patch SMB flaw that only an idiot would expose
« Reply #1 on: August 01, 2017, 09:45:53 pm »
I read this article recently but was on my way to work so a big "thank you" to you Stripes for posting it here for us   8) 8)

This is very much a story of deliberate exposure to exploitable loopholes, sure we all know the NSA want to retain some of these holes but once they are public its surely time to move forward to something else.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Microsoft won't patch SMB flaw that only an idiot would expose
« Reply #2 on: August 02, 2017, 04:58:11 am »
h--ps://astr0baby.wordpress.c-m/2017/08/01/smbloris-on-windows-tests/  (use copy/paste... this forum doesnt need to be in the referrer field)

*snirk* if it was this easy to find i can only wonder when its made into part of a real piece of malware that attacks lans... days? maybe? if its not already been made? lol

Offline Pri

  • MX Hosts
  • *****
  • *****
Re: Microsoft won't patch SMB flaw that only an idiot would expose
« Reply #3 on: August 02, 2017, 09:26:39 pm »
Of course the real worry here is that an attacker will gain access to a large network and then exploit this bug to infect all the machines on that network. Which is exactly what the NSA's previous exploit was for.

Microsoft should patch it and I hope they do so.

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Microsoft won't patch SMB flaw that only an idiot would expose
 

gfxgfx
gfx
©2005-2017 WinMXWorld.com. All rights reserved.
SMF 2.0.14 | SMF © 2017, Simple Machines
Page created in 0.032 seconds with 23 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!