******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KERNEL_SECURITY_CHECK_FAILURE (139) A kernel component has corrupted a critical data structure. The corruption could potentially allow a malicious user to gain control of this machine. Arguments: Arg1: 0000000000000007, Fatal program exit requested. Arg2: ffff900c4c58d6f0, Address of the trap frame for the exception that caused the BugCheck Arg3: ffff900c4c58d648, Address of the exception record for the exception that caused the BugCheck Arg4: 0000000000000000, Reserved Debugging Details: ------------------ KEY_VALUES_STRING: 1 Key : Analysis.CPU.mSec Value: 2781 Key : Analysis.DebugAnalysisManager Value: Create Key : Analysis.Elapsed.mSec Value: 2849 Key : Analysis.IO.Other.Mb Value: 0 Key : Analysis.IO.Read.Mb Value: 0 Key : Analysis.IO.Write.Mb Value: 0 Key : Analysis.Init.CPU.mSec Value: 2952 Key : Analysis.Init.Elapsed.mSec Value: 4303 Key : Analysis.Memory.CommitPeak.Mb Value: 98 Key : Bugcheck.Code.DumpHeader Value: 0x139 Key : Bugcheck.Code.KiBugCheckData Value: 0x139 Key : Bugcheck.Code.Register Value: 0x139 Key : FailFast.Name Value: FATAL_APP_EXIT Key : FailFast.Type Value: 7 Key : WER.OS.Branch Value: rs5_release Key : WER.OS.Timestamp Value: 2018-09-14T14:34:00Z Key : WER.OS.Version Value: 10.0.17763.1 FILE_IN_CAB: MEMORY.DMP VIRTUAL_MACHINE: VMware BUGCHECK_CODE: 139 BUGCHECK_P1: 7 BUGCHECK_P2: ffff900c4c58d6f0 BUGCHECK_P3: ffff900c4c58d648 BUGCHECK_P4: 0 TRAP_FRAME: ffff900c4c58d6f0 -- (.trap 0xffff900c4c58d6f0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=00000000c0000017 rbx=0000000000000000 rcx=0000000000000007 rdx=fffff80b11def07c rsi=0000000000000000 rdi=0000000000000000 rip=fffff80b130e4fc9 rsp=ffff900c4c58d880 rbp=ffff900c4c58d940 r8=fffff80b11def048 r9=000000000000149c r10=00000000c0000017 r11=ffff900c4c58d850 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc ksecpkg!CngRsa32Compat_MD5Init+0x362d: fffff80b`130e4fc9 cd29 int 29h Resetting default scope EXCEPTION_RECORD: ffff900c4c58d648 -- (.exr 0xffff900c4c58d648) ExceptionAddress: fffff80b130e4fc9 (ksecpkg!CngRsa32Compat_MD5Init+0x000000000000362d) ExceptionCode: c0000409 (Security check failure or stack buffer overrun) ExceptionFlags: 00000001 NumberParameters: 1 Parameter[0]: 0000000000000007 Subcode: 0x7 FAST_FAIL_FATAL_APP_EXIT BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXPNP: 1 (!blackboxpnp) PROCESS_NAME: System ERROR_CODE: (NTSTATUS) 0xc0000409 - El sistema detect una saturaci n de un b fer basado en pilas en esta aplicaci n. Esta saturaci n podr a permitir que un usuario malintencionado tome el control de la aplicaci n. EXCEPTION_CODE_STR: c0000409 EXCEPTION_PARAMETER1: 0000000000000007 EXCEPTION_STR: 0xc0000409 STACK_TEXT: ffff900c`4c58d3c8 fffff805`512716e9 : 00000000`00000139 00000000`00000007 ffff900c`4c58d6f0 ffff900c`4c58d648 : nt!KeBugCheckEx ffff900c`4c58d3d0 fffff805`51271a90 : ffffa30d`0000003e 00000000`00000000 00000000`00000140 00000000`00000140 : nt!KiBugCheckDispatch+0x69 ffff900c`4c58d510 fffff805`5126fe8e : 00000000`00000028 fffff805`5119ccab 00000000`00000021 00000000`00000000 : nt!KiFastFailDispatch+0xd0 ffff900c`4c58d6f0 fffff80b`130e4fc9 : ffffb700`f288f8d0 ffff900c`4c58d920 ffffb700`ec3e6c10 00000000`00000010 : nt!KiRaiseSecurityCheckFailure+0x30e ffff900c`4c58d880 fffff80b`130fb3d9 : ffff900c`4c58daf0 ffffb700`ec3e6c10 00000000`00000000 00000000`00000000 : ksecpkg!CngRsa32Compat_MD5Init+0x362d ffff900c`4c58d8d0 fffff80b`129ac645 : ffff900c`4c58daf0 000000a6`8fbacb8c ffff900c`4c58dcb0 ffff900c`4c58dce8 : ksecpkg!NtLmInitKernelContext+0x1d9 ffff900c`4c58d980 fffff80b`129ac028 : 00000000`00000000 00000000`00002000 ffff900c`4c58dac0 ffffa30d`0e08a900 : ksecdd!InitUserModeContext+0x81 ffff900c`4c58d9c0 fffff80b`129ab080 : ffffa30d`0b665080 fffff80b`1299131b ffffa30d`0b665080 ffff900c`4c58dce8 : ksecdd!KsecProcessSecurityContext+0x658 ffff900c`4c58dba0 fffff80b`12a03724 : 00000000`00000000 00000000`00000001 ffffb700`00000d47 00000000`00000002 : ksecdd!InitializeSecurityContextW+0x70 ffff900c`4c58dc10 fffff80b`12a0354c : ffffa30d`0e157080 fffff80b`12a032ad 00000000`002cfc28 ffffb700`e2e00340 : tcpip!WfpAlepCreateTokenFromLogonId+0x1b4 ffff900c`4c58dd60 fffff80b`12a049bd : 00000000`00000000 00000000`00000000 fffff80b`12bd5698 00000000`00000089 : tcpip!WfpAleCreateTokenFromLogonId+0x34 ffff900c`4c58dde0 fffff80b`12a03007 : 00000000`00000000 ffffa30d`13c2bb20 ffffa30d`00000012 ffffa30d`14e041a0 : tcpip!WfpAlepSetSecurity+0x245 ffff900c`4c58deb0 fffff80b`12a02ecc : 00000000`00000000 00000000`980000c8 00000000`00000000 ffffb700`e2e00000 : tcpip!WfpAleProcessSocketOption+0x103 ffff900c`4c58e090 fffff80b`12a0bd94 : ffffa30d`13d844d0 00000000`00000000 00000000`00000000 ffff900c`4c58e7c8 : tcpip!InetInspectSocketOption+0x60 ffff900c`4c58e110 fffff80b`12a0b74f : ffffa30d`13c2b082 ffff900c`4c58e400 ffffa30d`0b006800 ffffa30d`13c2b000 : tcpip!TcpSetSockOptEndpoint+0x5cc ffff900c`4c58e2c0 fffff805`5115b248 : 00000000`00000000 00000000`00000000 ffff900c`4c58e350 00000000`00000000 : tcpip!TcpTlEndpointIoControlEndpointCalloutRoutine+0x5f ffff900c`4c58e320 fffff805`5115b1bd : fffff80b`12a0b6f0 ffff900c`4c58e400 ffffa30d`0e0da980 00000000`000000ff : nt!KeExpandKernelStackAndCalloutInternal+0x78 ffff900c`4c58e390 fffff80b`12a86664 : 00000000`000000ff ffff900c`00000070 00000000`00000000 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0x1d ffff900c`4c58e3d0 fffff80b`1448499d : 00000000`00000000 00000000`980000c8 ffffa30d`13775b80 00000000`00000000 : tcpip!TcpTlEndpointIoControlEndpoint+0x64 ffff900c`4c58e440 fffff80b`1448482e : ffffa30d`13775b80 00000000`00000058 ffffa30d`1464bc30 ffff9101`66118000 : afd!WskProTLControlRequest+0xcd ffff900c`4c58e4d0 fffff80b`1448470c : ffffa30d`13775b80 ffff900c`4c58e6d9 ffffa30d`13c2b420 ffffa30d`13db94f0 : afd!WskProControlSocketCore+0x10e ffff900c`4c58e540 fffff80b`1448441c : 00000000`00000200 00000000`00000058 00000000`64437852 00000000`00000000 : afd!WskProIRPControlSocket+0x1c ffff900c`4c58e570 fffff805`51199c29 : 00000000`00000010 ffff900c`4c58e620 ffffa30d`136e6298 ffffa30d`0ba25930 : afd!AfdWskDispatchInternalDeviceControl+0x3c ffff900c`4c58e5a0 fffff80b`14484ded : 000000a6`8fb794fb fffff805`511c0b03 00000000`00000002 00000000`00000004 : nt!IofCallDriver+0x59 ffff900c`4c58e5e0 fffff805`4f923805 : 00000000`00000000 ffffa30d`13db94f0 00000000`00000000 ffffa30d`13db94f0 : afd!WskProAPIControlSocket+0x9d ffff900c`4c58e650 fffff805`4f923522 : ffffa30d`0ba25930 00000000`00000000 ffff900c`00000001 fffff80b`1449d080 : mrxsmb!SmbWskSetSocketOptions+0x15d ffff900c`4c58e740 fffff805`4f923359 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffa30d`0ba25930 : mrxsmb!SmbWskInitiateAsynchronousConnect+0x1ae ffff900c`4c58e8a0 fffff805`4f92532e : 00000000`00000000 ffffa30d`0e8f7cd0 00000000`00000000 00000000`00000000 : mrxsmb!RxCeInitiateConnectRequest+0xc9 ffff900c`4c58e8e0 fffff805`4f92498a : ffffa30d`0e8f7cd0 ffffa30d`0e8f7cd0 00000000`00000001 00000000`00000000 : mrxsmb!RxCeBuildConnectionOverMultipleTransports+0x376 ffff900c`4c58ea70 fffff80b`13bc4d7f : ffffa30d`0e8f7cd0 ffffa30d`0f9e8090 ffffa30d`0e8f7d98 fffff805`51603240 : mrxsmb!RxCeInitiateConnection+0x3aa ffff900c`4c58eb10 fffff805`511979ba : ffffa30d`1182d040 fffff80b`13bc4cf0 ffffa30d`0e8f7d98 ffffa30d`00000000 : rdbss!RxpProcessWorkItem+0x8f ffff900c`4c58eb70 fffff805`511096e5 : ffffa30d`1182d040 ffffa30d`0b665080 ffffa30d`1182d040 00000000`00000000 : nt!ExpWorkerThread+0x16a ffff900c`4c58ec10 fffff805`5126734c : ffff9101`661a2180 ffffa30d`1182d040 fffff805`51109690 00000000`00000000 : nt!PspSystemThreadStartup+0x55 ffff900c`4c58ec60 00000000`00000000 : ffff900c`4c58f000 ffff900c`4c589000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x1c SYMBOL_NAME: ksecpkg!CngRsa32Compat_MD5Init+362d MODULE_NAME: ksecpkg IMAGE_NAME: ksecpkg.sys STACK_COMMAND: .cxr; .ecxr ; kb BUCKET_ID_FUNC_OFFSET: 362d FAILURE_BUCKET_ID: 0x139_7_FATAL_APP_EXIT_ksecpkg!CngRsa32Compat_MD5Init OS_VERSION: 10.0.17763.1 BUILDLAB_STR: rs5_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {89d131b6-5ce9-6950-43ed-f5936f666997} Followup: MachineOwner ---------