Microsoft Windows SMB “mrxsmb.sys” Remote Heap Overflow Vulnerability

Technical Description
A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers or malicious users to cause a denial of service or take complete control of a vulnerable system. This issue is caused by a heap overflow error in the “BowserWriteErrorLogEntry()” function within the Windows NT SMB Minirdr “mrxsmb.sys” driver when processing malformed Browser Election requests, which could be exploited by remote unauthenticated attackers or local unprivileged users to crash an affected system or potentially execute arbitrary code with elevated privileges.

Affected Products
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (64x)
Microsoft Windows Server 2008 (64x) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (64x)
Microsoft Windows Server 2008 R2 (64x)
Microsoft Windows Server 2008 R2 (Itanium)

Workaround Solution
Block or filter UDP and TCP ports 137, 138, 139 and 445.

References
https://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx
https://seclists.org/fulldisclosure/2011/Feb/285

Vishal Dodke

Vishal Dodke


No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image