|19 Feb 2011||#1|
| || |
exploitability of the most recent Windows BROWSER protocol issue
Earlier this week a PoC exploit for a vulnerability in the BROWSER protocol was released on Full Disclosure. There has been some discussion regarding whether this issue can result in Remote Code Execution (RCE) or is only a Denial of Service (DoS). This blog post provides details on the exploitability based on our internal analysis.
Which systems are vulnerable
All versions of Windows are vulnerable, although the issue is more likely to affect server systems running as the Primary Domain Controller (PDC). In environments following best practices, the BROWSER protocol should be blocked at the edge firewalls thus limiting attacks to the local network.
The BROWSER protocol operates on top of SMB and is used to discover machines and resources on the network. It is implemented as a kernel driver (mrxsmb.sys or bowser.sys, depending on the version of Windows). This vulnerability affects Windows machines that have been configured to (A) use the BROWSER network protocol and (B) that then become Master Browser on the local network. The BROWSER protocol uses an election process to determine which system will act as the “master” in terms of data collection and response handling.
|My System Specs|
|Similar help and support threads for2: exploitability of the most recent Windows BROWSER protocol issue|
|How do I enable telnet:// protocol links in IE8 for Windows 7 x64||Browsers & Mail|
|Frequent BSODs. Recent issue.||BSOD Help and Support|
|Windows XP mode recent network issue||Network & Sharing|
|CIFS Browser Protocol Heap Corruption Vulnerability||Security News|
|Recent W7 repair install issue||Installation & Setup|
|router issue causes hanging browser - could it be a Windows 7 update?||Network & Sharing|
|Interesting connectivity issue, just a browser issue||Network & Sharing|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 09:09 PM.