
Windows Network Crash Warning: Memory Exhaustion, No Microsoft Fix

Microsoft is no stranger to vulnerabilities. Heck, 684 Windows Server security flaws were confirmed in 2024 alone. This is actually a positive thing, since it is far better to know about a vulnerability than to discover it only once it has been exploited. It is why Microsoft has paid hackers $60 million for such responsible disclosures. But what if I told you that a security researcher has found a security vulnerability that enables a remote attacker to bring down your enterprise network at will, and Microsoft is not interested in paying up or fixing the problem? Welcome to the worrying world of the Windows Deployment Services memory exhaustion technique.


Research into Remote Memory Exhaustion Vulnerabilities in Critical Microsoft Services

You can read any number of reports and warnings about remote code execution vulnerabilities and exploits against Windows networks. The security research community could be said to be fascinated by them. And for good reason: the ability to execute arbitrary code leaves your network, and ultimately the operation of your organization, susceptible to ransomware attacks, cyber espionage and more.

In a detailed technical blog posting, Peng warns of the dangers presented by a denial-of-service attack that exploits a vulnerability pattern in User Datagram Protocol (UDP) remote services, affecting Windows Deployment Services (WDS). The associate professor has shown how an attacker can crash your Windows enterprise network, without authentication or user interaction, through a remote denial-of-service attack.

“For IT administrators, WDS is of crucial importance for managing corporate networks, data centers or educational institutions that need optimized, secure operating system provisioning,” Peng said, adding that an attacker can easily forge the IP addresses and port numbers of clients in order to create new sessions until all system resources are exhausted.
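The failure mode described above, and the usual defensive counterpart, as an added example that is not code from Peng's report or from Microsoft: a UDP service that allocates state per claimed (IP, port) source grows without limit, while one with idle expiry and a hard cap does not. The class names, limits and source addresses are assumptions made for illustration and do not model WDS internals.

```python
from collections import OrderedDict

# Limits below are illustrative assumptions, not WDS values.


class UnboundedSessions:
    """Risky pattern: every new (ip, port) source gets state that is never freed."""

    def __init__(self):
        self.sessions = {}

    def on_datagram(self, src, now):
        self.sessions.setdefault(src, now)
        return True


class BoundedSessions:
    """Hardened pattern: idle expiry plus a hard cap on concurrent sessions."""

    def __init__(self, max_total=1000, idle_timeout=30.0):
        self.max_total = max_total
        self.idle_timeout = idle_timeout
        self.sessions = OrderedDict()  # src -> last_seen, least recent first

    def on_datagram(self, src, now):
        # Free sessions that have been idle too long, oldest first.
        while self.sessions:
            oldest, seen = next(iter(self.sessions.items()))
            if now - seen < self.idle_timeout:
                break
            del self.sessions[oldest]
        if src in self.sessions:
            self.sessions[src] = now
            self.sessions.move_to_end(src)
            return True
        if len(self.sessions) >= self.max_total:
            return False  # refuse to allocate state for a new source
        self.sessions[src] = now
        return True


def replay(table, sources, step=0.0001):
    """Feed source endpoints to a table at fixed intervals; return sessions held."""
    for i, src in enumerate(sources):
        table.on_datagram(src, i * step)
    return len(table.sessions)


# Constructed input: 50,000 distinct (ip, port) pairs standing in for forged sources.
SOURCES = [(f"10.{i >> 16 & 255}.{i >> 8 & 255}.{i & 255}", 1024 + i) for i in range(50_000)]
```

A cap keeps the host's memory bounded, but forged sources can still crowd out legitimate clients until idle sessions expire, so it limits the damage rather than restoring service.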


Microsoft did not take any further measures

The complete technical methodology is in Peng's report, but suffice it to say that exploiting the vulnerability lets an attacker disrupt a network quickly and effectively, as it literally collapses from memory exhaustion.

You may think that Microsoft would be all over this, but that doesn't seem to be the case. Peng reported the vulnerability to Microsoft on February 8. It was confirmed on March 4. On April 23, Microsoft told Peng that the vulnerability was “moderate” and did not meet the bar for security measures, including bounty payments. On the same day, Peng replied to Microsoft urging it to act, since this was “an important DoS bug without authentication (preauth) or user interaction (0-click),” but, having heard nothing further, decided to publish the blog.

Peng recommends that users abandon Windows Deployment Services, as “there is currently no good way to mitigate this problem unless Microsoft takes responsibility and releases a patch.”

I have reached out to Microsoft for an explanation.
