Windows Zero-Day Vulnerability Investigated by Microsoft

An unnamed security researcher released information Monday on a Windows vulnerability that could be used to perform remote code execution. Along with bringing the hole to Microsoft's attention, the researcher posted proof-of-concept exploit code that triggers a blue-screen PC system freeze.

The vulnerability affects all versions of Windows, with Microsoft cautioning that system servers running as the primary domain controller may be at highest risk, according to the researcher, identified only by the user name "Cupidon-3005."

In a TechNet blog, Matt Oh, member of the MMPC Vulnerability Response Team, provided some more details on the situation: "...the vulnerability is inside an error-reporting function of the CIFS browser service module. The function gets a variable number of arguments as parameters. Those string arguments are pushed on the stack for processing. In some cases, some of the strings can be controlled by the attacker."

Oh continued by saying that once a PC is controlled by a hacker it could be possible for malicious code to be freely distributed to the compromised system.

The Microsoft security team is very optimistic that exploitation of the vulnerability for this purpose should be rare. The team added that "while [a remote code execution] is theoretically possible, we feel it is not likely in practice," as Mark Wodrich, MSRC engineer, wrote in a blog post.

However, Wodrich does see some concern that hackers may use this newly documented opening to launch a denial-of-service attack.

Microsoft has not yet released a security advisory on the vulnerability and has offered no workaround fix as it continues to investigate the security concern. With the release of February's patches just last week, an official patch may not surface until Microsoft's March security update, or Microsoft could release an interim "out-of-band" patch.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
