Microsoft Vulnerability could allow remote code execution but it's not likely.
Microsoft has downplayed a Windows vulnerability affecting its Windows operating systems that could allow remote code execution.
Earlier this week, a proof-of-concept exploit was released but Microsoft suggested it was unlikely that the flaw could be used for remote code execution.
The bug was discovered on the Browser protocol, which runs on top of the server message block (SMB) protocol on Windows.
“This vulnerability affects Windows machines that have been configured to use the browser network protocol and then become master browser on the local network,” blogged Mark Wodrich, from the Microsoft Security Response Centre.
“The browser protocol uses an election process to determine which system will act as the master in terms of data collection and response handling.”
Wodrich said it was more likely to affect servers running as the primary domain controller.
"The primary domain controller will become master browser, but depending on the network configuration, other computers on the network can become master browser, and therefore be vulnerable," he explained.
Wodrich said remote code execution would be possible “if the corrupted memory is used by a thread running on another processor before the RtlCopyMemory triggers a bugcheck, and in a way that can be used to change code execution.”
“We feel that triggering any such timing condition reliably will be very difficult,” he added.
Wodrich said that businesses following best practices should block the browser protocol at the edge of firewalls to limit attacks on the local network.
SUBSCRIBE TO BLOG BY: EMAIL
:
Microsoft has downplayed a Windows vulnerability affecting its Windows operating systems that could allow remote code execution.
Earlier this week, a proof-of-concept exploit was released but Microsoft suggested it was unlikely that the flaw could be used for remote code execution.
The bug was discovered on the Browser protocol, which runs on top of the server message block (SMB) protocol on Windows.
“This vulnerability affects Windows machines that have been configured to use the browser network protocol and then become master browser on the local network,” blogged Mark Wodrich, from the Microsoft Security Response Centre.
“The browser protocol uses an election process to determine which system will act as the master in terms of data collection and response handling.”
Wodrich said it was more likely to affect servers running as the primary domain controller.
"The primary domain controller will become master browser, but depending on the network configuration, other computers on the network can become master browser, and therefore be vulnerable," he explained.
Wodrich said remote code execution would be possible “if the corrupted memory is used by a thread running on another processor before the RtlCopyMemory triggers a bugcheck, and in a way that can be used to change code execution.”
“We feel that triggering any such timing condition reliably will be very difficult,” he added.
Wodrich said that businesses following best practices should block the browser protocol at the edge of firewalls to limit attacks on the local network.
SUBSCRIBE TO BLOG BY: EMAIL
:
No comments:
Post a Comment