Critical Microsoft Vista/2008/Windows 7 Zero-day Remote BSOD Found

Kyle — Wed, 09 Sep 2009 00:24:06 +0000

Remember back in the days of Windows 95 when someone could use the OOB attack to remotely BSOD a PC? Well now you can relive your youth with a classic throwback from Microsoft! Windows Vista, 2008, and 2007 of all variants all have a similar vulnerability that allows a remote attacker take your machine down with a simple ampersand. Leave it up to Microsoft to do it all again more than a decade later.

The SMB 2.0 driver in x86 and x64 versions of Windows Vista, Server 2008, and Windows 7 are all one in the same. When sent the “&” character in the “Process ID High” SMB header, the process pagefaults and brings us the beloved Blue Screen of Death we’ve all come to know and love.

Credit goes to Laurent Gaffié and you can find the Proof-of-Concept on his blog.

Tags: ampersand, attack, attacker, blue screen of death, BSOD, Laurent Gaffié, microsoft, microsoft vista, microsoft windows vista, OOB, process id, proof of concept, SMB, throwback, versions of windows vista, vulnerability, zero day

M32 Security » ampersand

Critical Microsoft Vista/2008/Windows 7 Zero-day Remote BSOD Found