Windows Memory Exhaustion Network Crash Warning — No Microsoft Fix
Microsoft is no stranger to vulnerabilities; heck, there were 684 Windows Server security flaws confirmed in 2024 alone. This is, in fact, a positive thing as it's far better to know about a vulnerability than only discover it once it has been exploited. Which is why Microsoft has paid hackers $60 million in bug bounties for such responsible disclosures. But what if I were to tell you that one security researcher has found a vulnerability that enables a remote attacker to crash your enterprise network at will, and Microsoft isn't interested in paying them diddly squat, or fixing the problem for that matter. Welcome to the worrying world of the Windows Deployment Services memory exhaustion attack technique. Forbes Confirmed — 19 Billion Compromised Passwords Published Online By Davey Winder
You can read any number of reports and warnings about remote code execution vulnerabilities and exploits against Windows networks. The security research community might be said to be fascinated by them. And for good reason: The ability to execute arbitrary code remotely leaves your network, and ultimately the operation of your organization, vulnerable to ransomware attacks, cyber-espionage, and more.
Writing in a detailed technical blog posting, Peng warns of the dangers presented by a denial-of-service attack exploiting a vulnerability pattern in User Datagram Protocol remote services that are employing Windows Deployment Services.The associate professor demonstrated how an attacker can crash your Windows enterprise network without any authentication or user interaction by deploying a remote Denial of Service attack in WDS.
'WDS is critical for IT administrators managing corporate networks, data centers, or educational institutions requiring streamlined, secure OS deployments,' Peng said, explaining that an attacker can easily forge client IP addresses and port numbers, to create new sessions until all system resources are exhausted. Forbes Google Issues New Windows Password Security Alert By Davey Winder
The full technical methodology is in Peng's report, but just know that this easy-to-exploit vulnerability enables an attacker to disrupt a network rapidly and effectively as it literally collapses from memory exhaustion.
You might think that Microsoft would be all over this, but that doesn't appear to be the case. Peng disclosed the vulnerability to Microsoft Feb. 8. and it was confirmed March 4. Come April 23, Microsoft told Peng that the vulnerability is 'moderate' and doesn't meet the bar for security action, including bounty payments. The same day, Peng responded to urge Microsoft to react as it was 'an important DoS bug without authentication (preach) or user interaction (0-click)' but as nothing more was heard, decided to publish the blog.
Peng recommends that users abandon Windows Deployment Services as 'there is currently no good way to mitigate this issue unless Microsoft takes responsibility and releases a patch.'
I have reached out to Microsoft for a statement. Forbes Government Security Warning Issued As Password And 2FA Hackers Strike By Davey Winder
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tom's Guide
an hour ago
- Tom's Guide
As a PS5 owner, I never thought I'd be jealous of Xbox — and it's all because of this controller
A long, long time ago, before I bought my PlayStation 4 (and eventually my PlayStation 5 Slim), I was an Xbox girlie. I know, shocker because I absolutely adore my Sony console — it's the best purchase I've ever made. But the one thing I miss about Microsoft's consoles? The asymmetrical ABXY controllers. I love the DualSense and its haptic feedback, but sometimes I wish it had asymmetrical thumbsticks because, to me, they feel more ergonomic and comfortable. Well, good news is that I still get to use third-party Xbox/PC gamepads for work, and I fear this one controller has ruined every other for me. I wasn't expecting to love the Turtle Beach Afterglow Wave this much, and now that I've reviewed it, I can't stop thinking about it. Sporting a lovely, colorful design with 8-zone RGB lighting, the Turtle Beach Afterglow Wave is a funky gamepad for Xbox and Windows. Its Hall Effect triggers are extremely responsive, coming in clutch in many games. Powerful rumble makes games feel more immersive while user-friendly companion software enables easy customization. This is an excellent budget option for those who don't want to spend loads on first-party controllers. So what is it about the Afterglow Wave that has me so envious of Xbox owners, a sentence I never thought I'd say? I'm aware that there are third-party PS5 controllers out there, but I want this one. It looks stunning, its performance is even better, and the fact that I can't have it makes it even more tempting. I love minimalism. I love keeping things simple, which is why I adore the PS5 DualSense. There's something irresistible (and premium) about its black and white color scheme. But I'd be lying if I said I didn't also enjoy a bit of RGB lighting — as long as it's done tastefully. That's just what the Turtle Beach Afterglow Wave does. It's equipped with 8-zone RGB lighting that's fully customizable — and boy does it look good! You can adjust its intensity and patterns via the Turtle Beach PD Control Hub but I kept it at the default Wave setting with RGB turned up to 100%. I loved using this gamepad in the dark as I could admire the RGB lighting in all its glory. I like that the thumbsticks light up too. It's something I never paid much mind to but now that I've tested a controller with this feature, I want every gamepad to have it. The thing I love most about the PS5 DualSense controller is the extremely precise haptic feedback that immerses you in most titles. I wouldn't change it for the world, so it's only natural that I'm attracted to gamepads that boast powerful vibration and rumble, like the Turtle Beach Afterglow Wave. The Afterglow Wave's rumble is powerful and intense. In fact, at its highest settings, it's so powerful that the vibrations could be felt across a bank of six desks, and this earned me curious looks from my coworkers. I think it's great, especially in racing games where you can feel the vibrations getting more and more intense as you shift gears or accelerate. I enjoyed it in games like Shadow of the Tomb Raider too, where Lara Croft would chip at a wall of loose bricks with her pickaxe and the rumble would get more powerful with each blow. I've tested a lot of gaming keyboards with Hall Effect sensors and gamepads with Hall Effect or TMR thumbsticks and triggers and every time I finish reviewing one, I wish my PS5 DualSense had them too. That's because HE triggers give you more precise control over your movements, enabling pin-point aiming or drifting (depending on the title you're playing). The Turtle Beach Afterglow Wave takes things a step further by introducing 3-stop adjustment. Each trigger has a dedicated switch to toggle different trigger points, so you can enable hair trigger, for instance, which turns the mechanism into a short, clicky press — great for aiming and shooting instantaneously in FPS titles. It's a game-changer and something that once you've tried, you can't live without. Like I said, I wouldn't give up my PS5 DualSense as you'd have to pry it out of my cold hands, but even I can't deny the Afterglow Wave's charms. With its stunning looks and even better performance, it has won me over. If Turtle Beach were to ever make a licensed PS5 controller along the same lines, you know I'll be the first in line to get it.
Yahoo
an hour ago
- Yahoo
Microsoft CEO consoles employees by saying recent layoffs are down to 'the enigma of success in an industry that has no franchise value'
When you buy through links on our articles, Future and its syndication partners may earn a commission. This month began with some stark news for Microsoft employees: The business was doing better than ever before, and that somehow means layoffs. Around 9,000 employees were laid-off globally, studios were closed, games were cancelled, and then to rub salt in the wound some Microsoft exec with terminal LinkedIn brain suggested that those affected use AI to console themselves. Judging by the latest bizarre missive from Microsoft chairman and CEO Satya Nadella, that very executive is probably in line for a promotion. There's executive leadership verbiage, and then there's Nadella in full flow, an endless spewer with terrifying levels of executive power and a cheery disregard for the economic realities of the little people. Ahem. In a new blog titled "Recommitting to our why, what and how" Nadella takes off, first of all bravely addressing the question of why Microsoft has just fired so many folks. "I want to speak to what's been weighing heavily on me, and what I know many of you are thinking about: the recent job eliminations," writes Nadella. Then it's on to the "seeming incongruence" of the fact that "by every objective measure, Microsoft is thriving—our market performance, strategic positioning, and growth all point up and to the right [...] And yet, at the same time, we've undergone layoffs." Get ready because, in the annals of executive bullshit, this is a beauty. "This is the enigma of success in an industry that has no franchise value," writes Nadella. "Progress isn't linear. It's dynamic, sometimes dissonant, and always demanding. But it's also a new opportunity for us to shape, lead through, and have greater impact than ever before." I'm not sure exactly what Nadella means by "franchise value" but neither's he, and that's the point. Is the suggestion that big tech can fail overnight with a bad product? Because Microsoft's history and de facto monopoly certainly suggests otherwise! There's more nonsense about "creating new categories with new business models and a new production function" and, naturally, a reference to "this new paradigm." Then we get into the titular "why, what, and how" of Microsoft's "mission" and surprise surprise people: it's AI! "What does empowerment look like in the era of AI?" Nadella wonders. "It's about building tools that empower everyone to create their own tools. That's the shift we are driving—from a software factory to an intelligence engine empowering every person and organization to build whatever they need to achieve." There's some nonsense about AI changing everything because "that's the empowerment our mission enables, creating local surplus in every company, community, and country." Local surplus? What, of laid-off workers? Is that the future Satya? The guy's language really makes my head hurt at points, but I can say one thing—Copilot couldn't come up with this: "We will reimagine every layer of the tech stack for AI—infrastructure, to the app platform, to apps and agents. The key is to get the platform primitives right for these new workloads and for the next order of magnitude of scale. Our differentiation will come from how we bring these layers together to deliver end-to-end experiences and products, with the core ethos of a platform company that fosters ecosystem opportunity broadly. Getting both the product and platform right for the AI wave is our North Star!" The LinkedIn nerds are gonna love this line: "Growth mindset has served us well over the last decade—the everyday practice of being a learn-it-all, not a know-it-all." This is good, apparently, and "it might feel messy at times, but transformation always is." Nadella claims that where AI is now "reminds me of the early '90s, when PCs and productivity software became standard in every home and every desk!" Don't ask why. "What we've learned over the past five decades is that success is not about longevity," says Nadella. "It's about relevance. Our future won't be defined by what we've built before, but by what we empower others to build now." It seems to me that the main thing Microsoft is empowering people to build is the latest version of their CV, but I digress. Nadella's unique mode of expression aside, this is mostly just another tone-deaf missive from a corporation that truly seems to specialise in them. Perhaps the most concrete take-away from all of this though is that "we will reimagine every layer of the tech stack for AI—infrastructure, to the app platform, to apps and agents." AI may not do everything the boosters say, in other words: but it's here to stay anyway and, if you think it's been obtrusive up to now, you really haven't seen anything yet.
Yahoo
2 hours ago
- Yahoo
Microsoft (MSFT) Price Target Raised on Azure Optimism
Microsoft Corporation (NASDAQ:MSFT) ranks among the . BMO Capital kept its Outperform rating on Microsoft Corporation (NASDAQ:MSFT) and increased its price target from $485 to $550 on July 10. The adjustment came following BMO Capital's consultations with cloud specialists who offered input on Microsoft's Azure cloud platform. In contrast to the March quarter, the firm reported that Azure commentary was 'incrementally positive' during the June quarter. Ken Wolter / Despite an increase in production workloads, BMO Capital observed that Azure service usage stayed 'largely stable' during this time. The firm also noted that 'aggressive VMware pricing' has aided transitions to the cloud. BMO Capital is sticking to its Azure growth projections, which it claims align with consensus projections for Microsoft's fourth quarter, despite the encouraging feedback. Microsoft Corporation (NASDAQ:MSFT) is a leading technology company known for its core software products, which include the Windows OS, Microsoft 365 suite, and Edge browser. Its product portfolio includes corporate software, software development tools, video games, gaming gear, and cloud services. While we acknowledge the potential of MSFT as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. Read More: and Disclosure: None.
