I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
Discussion
Replies:
9
Boosts:
1
Get yourself paid for your discovery. Microsoft pays people who finds exploits. Often people report this in the wild, and lose out being paid.
Did you use your "AI" workflow to discover this? 🙂
@malwaretech reminds me of the 1990s (?) dirt-simple exploit whereby you could crash a Windows machine merely by sending it any OOB packet. Yes, I tried it and it worked. I later saw code for it in an exhibit of various exploits at Madrid's Reina Sofia art museum. Cool exhibit.
@malwaretech You should have waited till Friday. That's the Vulnerability Disclosure Day, isn't it?
@malwaretech The ping of death is back!
@malwaretech WinNuke 2026! ☢️
@malwaretech Ah, the joys of "security" software.
@malwaretech NO ports? That is impressive.
The last DoS I found in a firewall needed port 80 to be open to something behind it since it was related to WAF stuff
