Windows News and info 15th Anniversary 2009-2024
Giants in Tech => Microsoft => Topic started by: javajolt on September 10, 2009, 03:57:37 AM
-
Microsoft has issued an advisory for the vulnerability in the SMB2 protocol revealed yesterday. The big news is that, contrary to earlier reports, Windows 7 and Windows Server 2008 R2 are not affected by the flaw. The release candidate of Windows 7 is, as are all versions of Vista and earlier versions of Windows Server 2008.
The fact that the final Windows 7 version fixes the flaw makes you wonder: If it was a deliberate fix, why did they not recognize that the flaw was still present in Vista? If they did, why have they not yet fixed it? Perhaps they slow-tracked it, or the testing standards for a change in a release candidate are lower than those for already shipped code. Perhaps an out-of-band fix is coming soon.
The vulnerability is network-accessible and, with a single packet, can allow remote code execution. The publicly-available exploit only causes a system crash, so it's not yet clear whether a consistent code execution exploit is possible. There are no reports of the exploit being used in the wild, although this is probably just a matter of time.
There are mitigating factors for this vulnerability: Blocking TCP ports 139 and 445 at the firewall will block the attack, as well as many legitimate network services, albeit ones which are usually blocked at a perimeter firewall. The advisory also includes instructions for disabling the SMB2 protocol.