Microsoft confirms Windows BROWSER protocol zero-day

A security researcher has released proof-of-concept code for an unpatched security vulnerability affecting all versions of Windows, prompting a warning from Microsoft that remote code execution attacks are theoretically possible.

Details on the vulnerability were released on the Full Disclosure mailing list earlier this week and Microsoft followed up with two separate blog posts discussing the ramifications of the problem and suggesting workarounds until a patch can be created and released.

According to Microsoft's Mark Wodrich, the vulnerability was identified in the BROWSER protocol and, although all versions of Windows are vulnerable, the issue is more likely to affect server systems running as the Primary Domain Controller (PDC).

"In environments following best practices, the BROWSER protocol should be blocked at the edge firewalls thus limiting attacks to the local network," Wodrich said.

Wodrich provided technical confirmation of the buffer overrun vulnerability and explained that a malformed BROWSER message would cause the Master Browser to hit a portion of vulnerable code to trigger the vulnerability.

He warned that remote code execution (highest severity) may be possible in certain circumstances.

"While [remote code execution] is theoretically possible, we feel it is not likely in practice," Wodrich said, noting that a more likely attack scenario would be denial-of-service attacks.

Microsoft has not yet issued a formal security advisory with mitigation guidance or workarounds.

Talkback

55 comments
  • RE: Microsoft confirms Windows BROWSER protocol zero-day

    Such a non-issue because it's only a proof-of-concept. No code is out in the wild therefore no one needs to panic. And since it's restricted to just local networks it's going to be incredibly hard to exploit this. Follow the recommended workarounds and this will not be a problem at all. No fear mongering and no scare tactics on this one.
    Loverock Davidson
    • RE: Microsoft confirms Windows BROWSER protocol zero-day

      Thanks again to Microsoft spokesperson, Loverock Davidson. Nothing to see here go about your normal business of patching.

      Yes, I know all software has bugs.
      choyongpil
    • RE: Microsoft confirms Windows BROWSER protocol zero-day

      @Loverock Davidson
      The fact that the POC exists means it IS an issue.

      If the admins are doing their jobs, they see the article, check their firewall settings, make any changes they need to, and go about their day. That way, when POC moves to the wild and is actively attacking machines, they've put up their defenses.

      I don't see any wringing hands or gnashing teeth in this article, just information.
      thookerov
      • LD is mocking...

        @thookerov

        ...Apple fanbois who always say that a POC is not an attack, that trojans are not viruses, etc.

        I take it you're fairly new here? :)
        wolf_z
      • trojans are no big deal, right?

        Naahhhh, of course not...

        lol... :D
        search & destroy
    • "Follow the recommended workarounds..." ???

      @Loverock Davidson

      What workarounds???

      Taken from the article:
      "Microsoft has not yet issued a formal security advisory with mitigation guidance or workarounds."
      UrNotPayingAttention
      • RE: Microsoft confirms Windows BROWSER protocol zero-day

        @chmod 777
        Taken from the article:
        "Microsoft followed up with two separate blog posts discussing the ramifications of the problem and suggesting workarounds until a patch can be created and released."
        Loverock Davidson
    • &LD - The result of assuming -or- Ignorance is bliss, is it not?

      Ryan Naraine writes, “‘In environments following best practices, the BROWSER protocol should be blocked at the edge firewalls thus limiting attacks to the local network,’ Wodrich said.”

      Loverock Davidson writes, “Since it's restricted to just local networks it's going to be incredibly hard to exploit this.”

      See the disconnect?
      Isocrates
    • RE: Microsoft confirms Windows BROWSER protocol zero-day

      Isocrates,
      It's his full-time job to paint a positive picture of Microsoft regardless of the issue. Loverock is always disconnected from the topic posted.
      ZDNET is the only place he gets attention.
      daikon
    • RE: Microsoft confirms Windows BROWSER protocol zero-day

      @Loverock Davidson

      Such brain death is completely astounding, though not unexpected from a paid troll.

      It ceased being a non-issue when it was published, the FACT that it is in ALL WinBLows versions leads me to suspect that the scumbags you work for knew about it all along but just did not care until it was made public like they have done with so many others!
      cadstarsucks
    • RE: Microsoft confirms Windows BROWSER protocol zero-day

      Isn't it nice of ZDnet to employ a resident clown to keep us blog readers amused?
      Alan Smithie
    • RE: Microsoft confirms Windows BROWSER protocol zero-day

      @Loverock Davidson It is an issue... If someone exploits one of your workstations they now have an open door into your domain controller. That's huge. A domain controller is incredibly important in a Windows-based network, exploiting it is no laughing matter.
      snoop0x7b
    • More ZD crap

      Another dumb-ass headline using "zero-day".

      WTF is that supposed to mean? I don't think ZD knows, since in all these years they've never defined it.

      COMMUNICATION FAILURE.
      dgurney
      • RE: Microsoft confirms Windows BROWSER protocol zero-day

        @dgurney - I don't see why ZDnet has to define common terms. Zero-day, or more specifically Zero-day attack, a.k.a. Zero-hour, zeroth attack - I'm sorry, a.k.a means also known as - and refers to an attack using a vulnerability that the developer/owner of the system is unaware of.

        Of course this means that technically, as soon as Microsoft knows about the vulnerability, it is no longer a Zero-day threat.
        seamountie
    • RE: Microsoft confirms Windows BROWSER protocol zero-day

      "Such brain death is completely astounding, though not unexpected from a paid troll."

      Well as you can see, M$ has lowered their standards quite a bit. Only the dumb and the borderline retarded need apply.
      search & destroy
  • RE: Microsoft confirms Windows BROWSER protocol zero-day

    Where are all the "there aren't any bugs in Mac/Linux" people? ;-)
    aureolin
    • RE: Microsoft confirms Windows BROWSER protocol zero-day

      @aureolin
      If it helps you, there are no Bugs in Linux/Apple. /sarcasm
      daikon
    • RE: Microsoft confirms Windows BROWSER protocol zero-day

      @aureolin There needs to be a Like Button on zdnet.

      Like
      Your Non Advocate
    • What is a web browser doing on a PDC?

      The MCSEs still don't get it.
      Richard Flude
      • RE: Microsoft confirms Windows BROWSER protocol zero-day

        @Richard Flude
        LOL talk about not getting it LOLOL!!!
        Loverock Davidson