Computers running fully patched Windows 10, 8.1, Server 2012, and 2016 are hit by Blue Screens when trying to connect to an infected server

Security experts warn that it may be possible to exploit a vulnerability in a protocol widely used to connect Windows clients and servers to inject and execute malicious code on Windows computers. Computers running fully patched Windows 10, 8.1, Server 2012, or 2016 that try to access an infected server will crash with a Blue Screen triggered in mrxsmb20.sys, according to a post by Günter Born on today’s Born’s Tech and Windows World blog.

The vulnerability takes advantage of a buffer overflow bug in Microsoft’s SMBv3 routines. SMBv3 is the latest version of the protocol used to connect Windows clients and servers for sharing files and printers. Proof of Concept code for the vulnerability was released on GitHub yesterday by @PythonResponder. There’s been no response from Microsoft as yet.

There are currently no reports of this particular security hole leading to a takeover of affected computers, but US-CERT Vulnerability Note VU#867968 raises the possibility that new exploit code for the vulnerability may be able to inject and execute malicious code on Windows computers. Johannes Ullrich posted a warning on the SANS Internet Storm Center, concluding “it isn’t clear if this is exploitable beyond a denial of service.”

US-CERT advises:

The CERT/CC is currently unaware of a practical solution to this problem… Consider blocking outbound SMB connections (TCP ports 139 and 445 along with UDP ports 137 and 138) from the local network to the WAN.

Even more troubling, US-CERT gives this vulnerability a “Base” score of 10, their highest rating.

Born advises that the effect is limited on small networks:

For me, it seems that this is for companies with WANs. For small LANs I would classify the risk as low, because an attacker needs access to the network shares.
Also in networks with WLAN access is WPA2 protected, so I can’t see how the exploit can be used.

The discussion continues on the AskWoody Lounge.
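A check for the US-CERT mitigation quoted above, as an added example that is not part of the original article: it scans firewall or flow records for local hosts reaching the listed SMB/NetBIOS ports on non-local addresses, and separates blocked attempts from flows that got through. The record format, the use of RFC 1918 ranges as "local", and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the US-CERT advice quoted in the article.
SMB_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)}

# Assumption: the local network uses RFC 1918 space; replace with your own ranges.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def parse_flow(line):
    """Parse 'timestamp src dst proto dport action' (hypothetical log format)."""
    ts, src, dst, proto, dport, action = line.split()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto.lower(),
            "dport": int(dport), "action": action.lower()}

def outbound_smb(lines):
    """Flows where a local host contacted an SMB/NetBIOS port on a non-local address."""
    hits = []
    for line in lines:
        try:
            flow = parse_flow(line)
            leaves_lan = is_local(flow["src"]) and not is_local(flow["dst"])
        except ValueError:
            continue  # skip blank or malformed records
        if leaves_lan and (flow["proto"], flow["dport"]) in SMB_PORTS:
            hits.append(flow)
    return hits

def egress_gaps(lines):
    """Outbound SMB flows that were allowed, i.e. the egress block is missing or incomplete."""
    return [f for f in outbound_smb(lines) if f["action"] == "allow"]

# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE = """\
2000-01-01T10:00:01Z 192.168.1.20 203.0.113.50 tcp 445 allow
2000-01-01T10:00:05Z 192.168.1.20 192.168.1.5 tcp 445 allow
2000-01-01T10:01:12Z 10.0.4.7 198.51.100.9 udp 137 deny
2000-01-01T10:02:30Z 10.0.4.7 198.51.100.9 tcp 443 allow
2000-01-01T10:03:00Z 172.16.9.3 203.0.113.50 tcp 139 allow
garbage line
"""

if __name__ == "__main__":
    for f in egress_gaps(SAMPLE.splitlines()):
        print(f"{f['ts']} {f['src']} -> {f['dst']} {f['proto']}/{f['dport']} ALLOWED")
```

Denied records returned by `outbound_smb` are still worth reviewing: they show which clients attempted SMB connections to outside servers.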