Windows 11 24H2 Introduces Local SMB Exploitation Feature
/ 1 min read
🖥️🔌 Windows 11 24H2 introduces local SMB file server exploitation capabilities. A new feature in Windows 11 24H2 allows users to specify the TCP port for the SMB client, enabling local exploitation of vulnerabilities without needing a remote server. This change addresses previous limitations where users could not bind a fake SMB server to the default port 445 without administrative access. By allowing connections through an alternative port, users can now exploit the “False File Immutability” bug class locally. While this feature can be disabled by administrators via Group Policy, it is enabled by default, raising concerns about potential security implications. The author has updated their fake SMB server example to facilitate these local attacks.
