Microsoft Issues New Security Workaround for SMB Vulnerability

 
 
By Brian Prince  |  Posted 2009-09-21 Print this article Print
 
 
 
 
 
 
 

Microsoft releases an automated tool to help the public disable Server Message Block 2, the company's network file and print sharing protocol. Microsoft officials say they are still working on a patch for the vulnerability, which was disclosed earlier this month.

Microsoft is telling IT pros to utilize its automated Fix IT tool to deal with an unpatched vulnerability in Server Message Block 2.

The flaw in Server Message Block (SMB) 2 was publicly disclosed Sept. 7 and affects Windows Vista, Windows Server 2008 and release candidates of Windows 7. When it was first found, researchers noted it could be exploited to cause the Blue Screen of Death. It has since been revealed, however, that it could be exploited to take over a system.

"Until the security update is released, the best way to protect systems from this vulnerability is to disable support for version 2 of the SMB protocol," blogged Mark Wodrich and Jonathan Ness of Microsoft Security Response Center. "The security advisory was updated [Sept. 17] with a link to the Microsoft Fix It package that disables SMBv2 and then stops and starts the Server service."

Disabling SMB2 may slow down SMB connections between Windows Vista and Windows Server 2008 machines, the company warned. Still, it may be worth the trouble. Though Microsoft reported they had not found any in-the-wild exploits for the flaw, researchers from the security firm Immunity developed a working remote exploit for the bug for their CANVAS penetration testing framework that is effective against both Vista and Windows Server 2008 systems.

"The exploit gains complete control of the targeted system and can be launched by an unauthenticated user," Wodrich and Ness wrote.

There are other workarounds, include disabling SMB 2 via the Windows Registry Editor or blocking TCP ports 139 and 445 at the firewall.

Microsoft offered no timeline for a patch, but the next regularly scheduled round of security fixes is due to arrive Oct. 13.


 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel