iTWire - SMB 2.0 zero-day affects Windows

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

SMB 2.0 zero-day affects Windows

SMB 2.0 zero-day affects Windows

E-mail

by Stephen Withers
Thursday, 10 September 2009
A vulnerability in certain Microsoft SMB implementations has been made public before the company has had a chance to fix it. Featured Whitepaper 5 Best Practices for Smartphone Support A vulnerability in the SMB implementation in certain recent Microsoft operating systems has been publicly disclosed, along with a proof of concept exploit. Vista and Windows Server 2008 are affected, but not 2000, XP, Server 2008 R2 or Windows 7, the company stated. However, there are some reports that the SMB 2.0 code in the widely distributed Windows 7 Release Candidate (build 7100) is vulnerable. According to McAfee officials, the issue involves the handling of malformed SMB 'negotiate protocol request' queries. An exploit could cause remote code execution or denial of service. Microsoft concedes that a successful exploit could give an attacker complete control over a system, but notes that "Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart." As temporary measures, Microsoft officials suggest disabling SMB v2 completely (achieved by editing a registry key), or blocking ports 139 and 445 at the firewall. The downside of these approaches is that the first prevents all SMB v2 communication, while the second interferes with a variety of applications and services including applications that use SMB, file and print sharing, Group Policy, and Systems Management Server. The issue is being investigated by Microsoft, which says it "will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs." Tags See All Tags Microsoft Networking Operating Systems Operating system Security Software Stephen Withers Vulnerability Windows Windows 2000 Windows 7 Windows Server Windows Vista Windows XP Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

User Experience Architect (C4)
Consulting Services Branch Manager
Process Analyst X 4 (M4)
Content Co-Ordinator (M3)
Senior .Net Developer (M3)
Business Analyst (M17)
Test Lead
Senior Business Analyst
Business Analyst - Financial Markets, Ops focus
Technical Business Analyst - BI & DW - Contract

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking