New BSOD Devil Comes From The Internet And Crashes Your Windows 10, 8, 7, XP


Short Bytes: A security researcher who goes by the username lgandx has reported a severe vulnerability affecting Windows versions ranging from Windows XP to Windows 10. Due to the bug, an attacker can take control of the system over the internet and force it to display the stop error after crashing the LSASS service. Microsoft is yet to release a patch for the bug.

Various versions of the Microsoft Windows operating system are prone to a memory corruption bug that can be used to crash the system remotely. In September last year, a security researcher named Laurent Gaffié informed Microsoft about the vulnerability. The attack, if successful, can compromise a Windows machine without the user knowing and trigger the stop error, or BSOD. A proof-of-concept of the attack is available on GitHub.

What is the attack?

According to Laurent’s blog post and the security advisory released by US-CERT, Windows is vulnerable to a specially crafted server response that contains too many bytes relative to the SMB2 TREE_CONNECT Response structure. “By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys,” reads the advisory.

A target Windows system can be made to connect to an SMB server by various means, for instance by hiding the link to the server in an email or a hyperlink and getting the user to click it.

Once the user falls prey to the attacker, the Local Security Authority Service (LSASS), where the vulnerability exists, on the Windows system can be crashed remotely, causing a denial of service. LSASS keeps track of who is logging into the system and takes care of the passwords and logs for user accounts.

The affected systems include Windows XP, Windows 7, Windows 8, Windows 10, Windows Server 2003, Windows Server 2008, Windows Server 2016, etc. As a preventive measure, US-CERT advises blocking outbound SMB connections from the users' LAN to the internet.
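To check whether that outbound block is actually in effect, firewall or flow logs can be searched for SMB traffic leaving the LAN. The following is an added example, not code from the article or from US-CERT; the log format, the list of internal ranges, and the port set (TCP 139/445 and UDP 137/138, the usual SMB and NetBIOS ports, which the article does not list) are assumptions.

```python
import ipaddress

# Standard SMB / NetBIOS ports (assumption: the article does not list them).
SMB_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)}

# Assumption: ranges treated as "inside the LAN"; adjust to the local addressing plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "fc00::/7", "fe80::/10")]

# Constructed sample records: "timestamp src_ip dst_ip proto dst_port action".
SAMPLE_LOG = """\
2017-02-03T10:01:12Z 10.0.4.17 10.0.1.5 tcp 445 allow
2017-02-03T10:01:40Z 10.0.4.17 203.0.113.25 tcp 445 allow
2017-02-03T10:02:03Z 10.0.4.22 198.51.100.7 tcp 443 allow
2017-02-03T10:02:09Z 192.168.8.3 198.51.100.7 udp 137 deny
malformed line
2017-02-03T10:03:30Z fd00::30 2001:db8::10 tcp 445 allow
"""

def is_internal(addr):
    """True if addr falls in one of the configured internal networks."""
    return any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS)

def outbound_smb(log_text):
    """Return (findings, skipped): SMB flows leaving the LAN, unparsable lines."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        try:
            ts, src, dst, proto, port, action = line.split()
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            key = (proto.lower(), int(port))
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        if key in SMB_PORTS and is_internal(src_ip) and not is_internal(dst_ip):
            findings.append({"time": ts, "client": src, "server": dst,
                             "proto": key[0], "port": key[1],
                             "blocked": action.lower() == "deny"})
    return findings, skipped

if __name__ == "__main__":
    hits, bad = outbound_smb(SAMPLE_LOG)
    for h in hits:
        state = "blocked" if h["blocked"] else "ALLOWED"
        print(f'{h["time"]} {h["client"]} -> {h["server"]} '
              f'{h["proto"]}/{h["port"]} {state}')
    print(f"{bad} line(s) skipped as unparsable")
```

Any finding marked ALLOWED is a client that reached an SMB server outside the LAN, which means the egress rule is missing or incomplete for that path.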


Don’t forget to keep your system updated. Tell us your thoughts and feedback.


Aditya Tiwari
