<<< Date Index >>>     <<< Thread Index >>>

[REVERSEMODE ADVISORY] MS06-030 NtClose DeadLock.



Microsoft Kernel Object Manager is prone to a deadlock vulnerability
which could be exploitable, making unkillable any desired process
running on the affected machine.

+ Paper/Advisory -Reversing mrxsmb.sys, Chapter II "NtClose DeadLock" -
(pdf)
+ Exploit Code (c source code)

Both two can be downloaded at www.reversemode.com

This issue seems to be addressed in the recent bulletin MS06-030.

Rubén Santamarta,
www.reversemode.com