By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys
Blocking outbound SMB connections – TCP ports 139 and 445 along with UDP ports 137 and 138 – from the local network to the wide area network…..said US CERT
Reminder: Mrxsmb20.sys driver handles SMB 2.0 and SMB 3.0 traffic.
Windows OS design objective: In Windows 8, the SMB 3.0 protocol is supported. The Mrxsmb10.sys driver handles legacy SMB traffic, and the Mrxsmb20.sys driver handles SMB 2.0 and SMB 3.0 traffic.
Phenomenon: We have confirmed that without apply the patch on May those Windows 10 , Windows 8.1 client systems as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2 are all encountered SMB vulnerability. In the sense that it is vulnerable.
Current Situation 1: If you are windows OS home user (all windows OS platform), be aware and confirm apply below hot-fix to your home workstation.
Current Situation 2:If you are IT guy maintained whole bunch of MS windows server. You are the technical expert and believed that the hotfix you apply already. But I would like to bring your attention of on server SMB registry.
What’s the reason to point out the SMB registry. It is a quick way to isolate the problem once you suspect that you file server may encounter malicious attack. As a matter of fact, registry check is one of the fast path know what is happen in malware movement.
Regarding to the subject matter, our objective is going to discuss how to rescue yourself this month due to SMB flaw, right? I written an techincal article yesterday mainly highlight the SMB flaw. For more details, please find below url for reference.
Any information update will keep posted. Thank you for your kind attention.