Microsoft warns of SMB vulnerability in Windows Server 2008 and Vista
Microsoft has confirmed the security vulnerability in its implementation of the SMB2 protocol reported yesterday, and has gone one better, noting that the bug can be exploited to inject and execute code. The first indications that this might be the case were published by security specialist and reverse engineer Ruben Santamarta, following a closer analysis of the exploit published by Laurent Gaffié.
The current exploit merely causes a vulnerable system to crash or restart and requires port 445 to be available – usually the case on local networks only.
According to Microsoft, affected products are Windows Vista and Server 2008. Whilst the Windows Server 2008 R2 Release Candidate is not affected, the bug is present in the Windows 7 Release Candidate. Windows XP, 2000 and Server 2003 do not support SMB2 and are consequently not vulnerable.
Microsoft has not yet released a patch. As a workaround, the company suggests deactivating SMB2 in the registry or blocking ports 139 and 445 using the integrated firewall. The latter can, however, disable some services. Instructions for the workarounds can be found in Microsoft's security advisory.
- Vulnerabilities in SMB Could Allow Remote Code Execution, advisory from Microsoft.
- Hole in Windows Vista and 7 allows remote reboot, a report from The H.