Myth or True SMB BOSD

 

Today there is this story about the SMB BOSD is it true ?

first here is the full story http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html

My Server versions.

image image

I run the exploit and yes there is a BSOD  ;-(

image but there is no firewall on and everything is wide open. This is on my windows 2008 R2 RC build 7100

even with the Firewall on it still gets a BSOD the only thing you can do is block port 445. And I did a test on Windows 7 in my domain with the (BSOD DC ) and no BOSD my Windows 7 is secure !!

image

 

image image On the left windows 7 <> right Windows 2008 r2 RC build 7100

After replacing the srv2.sys file and a reboot I did the test again and no more BOSD

image  but where did I find this new srv2.sys file <> yes in windows 7

Story confirmed partly true. but it can be fixed. when I do not know. but remember changing this file is not supported.

and you need to bypass the NT SERVICE\TrustedInstaller security rights.

You must remember turn your firewall on does not always help you port 445 ,138,139 are open if you make a block rule 445

image but maybe you need 445 😉

No I’m not gona help you to test this or tell you where to find the tools to do this.

Posted September 10, 2009 by Robert Smit in SMB BOSD, Windows 2008 R2

Tagged with ,

  • Tag