Microsoft Issues New Security Workaround for SMB Vulnerability
Microsoft releases an automated tool to help the public disable Server Message Block 2, the company's network file and print sharing protocol. Microsoft officials say they are still working on a patch for the vulnerability, which was disclosed earlier this month.Microsoft is telling IT pros to utilize its automated Fix IT tool to deal with an unpatched vulnerability in Server Message Block 2. The flaw in Server Message Block (SMB) 2 was publicly disclosed Sept. 7 and affects Windows Vista, Windows Server 2008 and release candidates of Windows 7. When it was first found, researchers noted it could be exploited to cause the Blue Screen of Death. It has since been revealed, however, that it could be exploited to take over a system.
"Until the security update is released, the best way to protect systems from this vulnerability is to disable support for version 2 of the SMB protocol," blogged Mark Wodrich and Jonathan Ness of Microsoft Security Response Center. "The security advisory was updated [Sept. 17] with a link to the Microsoft Fix It package that disables SMBv2 and then stops and starts the Server service."