Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000141143

Stop Code 0x50 srv.sys caused by EternalBlue Exploit

Summary: This article details how to solve Stop Code 0x50 srv.sys caused by EternalBlue Exploit.

Article Content

Symptoms

Microsoft released a Security Bulletin regarding SMBv1.0SLN306200_en_US__1iC_External_Link_BD_v1 The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

You can identify that this issue is occuring by analyzing the Stack on the Memory Dump and finding this specific lines:

ffffd001`078b0700 fffff801`71252360 nt!KiPageFault+0x12f
ffffd001`078b0890 fffff801`712522a5 srv!SrvOs2FeaToNt+0x48
ffffd001`078b08c0 fffff801`7127369b srv!SrvOs2FeaListToNt+0x125
ffffd001`078b0910 fffff801`7127c8ba srv!SrvSmbOpen2+0xc3
ffffd001`078b09b0 fffff801`7127fb2e srv!ExecuteTransaction+0x2ca
ffffd001`078b09f0 fffff801`7120d84f srv!SrvSmbTransactionSecondary+0x40b
ffffd001`078b0a90 fffff801`7120da20 srv!SrvProcessSmb+0x237
ffffd001`078b0b10 fffff801`7124cac8 srv!SrvRestartReceive+0x114
ffffd001`078b0b50 fffff800`13591306 srv!WorkerThread+0x5248
ffffd001`078b0bd0 fffff800`1317f280 nt!IopThreadStart+0x26
ffffd001`078b0c00 fffff800`131d89c6 nt!PspSystemThreadStartup+0x58
ffffd001`078b0c60 00000000`00000000 nt!KiStartSystemThread+0x16

Affected Systems:
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows 7
Windows 8
Windows 8.1
Windows 10
 

Resolution

Microsoft published a Blog Post SLN306200_en_US__2iC_External_Link_BD_v1 about the SMB1 explaining that it is obsolete and should not be used on the latest OS Versions.

Since this issue is caused by an Exploit, it is required to run an Antivirus Program on affected System.

Workarounds

The following workarounds SLN306200_en_US__2iC_External_Link_BD_v1 may be helpful in your situation:

  • Disable SMBv1

    For customers running Windows Vista and later

    See Microsoft Knowledge Base Article 2696547SLN306200_en_US__2iC_External_Link_BD_v1

    Alternative method for customers running Windows 8.1 or Windows Server 2012 R2 and later

    For client operating systems:

    1. Open Control Panel, click Programs, and then click Turn Windows features on or off.
    2. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.
    3. Restart the system.
       

    For server operating systems:

    1. Open Server Manager and then click the Manage menu and select Remove Roles and Features.
    2. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
    3. Restart the system.
       

    Impact of workaround. The SMBv1 protocol will be disabled on the target system.
    SMBv1.0 offer support for legacy system. (Windows XP, Windows Vista, Windows 2000, Windows 2003, Windows 2003 R2).

    How to undo the workaround. Retrace the workaround steps, and select the SMB1.0/CIFS File Sharing Support check box to restore the SMB1.0/CIFS File Sharing Support feature to an active state.

Article Properties

Affected Product

Microsoft Windows 2008 Server R2, Microsoft Windows 2012 Server, Microsoft Windows 2012 Server R2

Last Published Date

21 Feb 2021

Version

3

Article Type

Solution

Back to Top