Myth or True: SMB BSOD


Today there is this story about the SMB BSOD. Is it true?

First, here is the full story.

My Windows Versions.


I ran the exploit and yes, there is a BSOD.

But there is no firewall on and everything is wide open. This is on my Windows 2008 R2 RC build 7100.

Even with the firewall on it still gets a BSOD; the only thing you can do is block port 445. And I did a test on Windows 7 in my domain with the BSOD DC ;-( and no BSOD: my Windows 7 is secure!!



Left: Windows 7; right: Windows 2008 R2 RC build 7100.

After replacing the srv2.sys file and a reboot I did the test again and no more BSOD.

But where did I find this new srv2.sys file? Yes, in Windows 7.

Story confirmed: partly true. But it can be fixed; when, I do not know. But remember, changing this file is not supported.

And you need to bypass the NT SERVICE\TrustedInstaller security rights.

You must remember that turning your firewall on does not always help you: ports 445, 138 and 139 are open. You can make a block rule for 445, but maybe you need 445 😉

No, I’m not gonna help you to test this or tell you where to find the tools to do this.

Author: Robert Smit [MVP]
