The 2010 Pwnie Nominee For Best Server-Side Bug

SMB2 Negotiate Protocol Request Vulnerability (CVE-2009-3103)

Credit: Laurent Gaffié

In September 2009, Laurent Gaffié dropped a Windows 7 vulnerability in the SMB2 code, which quickly turned out to be exploitable. The vulnerability was not only technically interesting, but it caused some embarrassment for Microsoft because it was found by a simple 20-line fuzzer. Few security researchers believed that finding a remote Windows 7 bug would be that easy, but Laurant proved them wrong again by releasing multiple additional SMB2 vulnerabilities over the next few months.