I came across a bug in Microsoft Vista that allows it to be crashed from the command prompt by simply typing a single command. Apparently, Microsoft don’t believe that it warrants enough emphasis to provide a patch. They say they will fix it in the next Service Pack (due soon).
I was then a little curious. If Vista and Windows 2008 (and therefore SBS 2008) are based on the same TCP/IP stack would I also be able to crash SBS 2008?
I made sure my SBS 2008 machine was up to date:
Firstly, I go to the command prompt as an administrator and type:
route add 220.127.116.11/240 18.104.22.168
[On my test SBS2008 server it did not always happen immediately but I could normally force the issue if it didn’t happen initially by removing the route via the command:
route delete 22.214.171.124
I then wait a few moments and
BAMM! Blue screen of death!
Sure, to actually execute this command on Vista or SBS2008 you need to run it from a console but what is to stop some enterprising person getting this to run on a victim’s machine? We all know users just love to click and install spyware. So even though Microsoft say it isn’t a big worry I’d be concerned, especially as there is currently no patch available.
Information about the Vista issue is here but ladies and gentlemen the same thing happens on SBS 2008 so beware. Roll on Service Pack 2.