SMB 2.0 zero-day affects Windows

Stephen Withers
Thursday, 10 September 2009 05:52

Business IT - Security

A vulnerability in certain Microsoft SMB implementations has been made public before the company has had a chance to fix it.

A vulnerability in the SMB implementation in certain recent Microsoft operating systems has been publicly disclosed, along with a proof of concept exploit.

Vista and Windows Server 2008 are affected, but not 2000, XP, Server 2008 R2 or Windows 7, the company stated.

However, there are some reports that the SMB 2.0 code in the widely distributed Windows 7 Release Candidate (build 7100) is vulnerable.

According to McAfee officials, the issue involves the handling of malformed SMB 'negotiate protocol request' queries. An exploit could cause remote code execution or denial of service.

Microsoft concedes that a successful exploit could give an attacker complete control over a system, but notes that "Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart."

As temporary measures, Microsoft officials suggest disabling SMB v2 completely (achieved by editing a registry key), or blocking ports 139 and 445 at the firewall.

The downside of these approaches is that the first prevents all SMB v2 communication, while the second interferes with a variety of applications and services including applications that use SMB, file and print sharing, Group Policy, and Systems Management Server.

The issue is being investigated by Microsoft, which says it "will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."