New Security Vulnerability affects Windows Vista, Server 2008 and RC version of Windows 7


By now, you’ve probably heard about this.  There is a vulnerability which affects the “SMBv2” service in Windows Vista, Windows Server 2008, and the Release Candidate version of Windows 7.  Microsoft says that the RTM version of Windows 7 is unaffected and that they are working on a patch.

You’re probably thinking “What’s SMB?” and “Am I affected?”  SMB is the Server Message Block component in Microsoft Windows.  Its functions include the systems that allow you to share files and printers over your local network.  If you use any Linux computers in your network, this is the protocol that “Samba” uses to share and access folders with your Windows computers.

If you’re running Windows Vista, Windows Server 2008 (not the R2 version that just released to manufacturing) or the release candidate of Windows 7, then you’re probably affected by this.  You need to worry because the person who discovered the vulnerability didn’t send it to Microsoft—they released it as a Zero-Day.  This means that there is a good chance that people are creating worms and other malware to use this.

What can happen?

According to Microsoft and some researchers, in most cases your computer will BSOD (“Blue Screen Of Death”) and restart.  However, the possibility exists that the attacker can install and run programs on your computer—thus making it part of a botnet or stealing information from you.

This is also one time that running older versions of Windows (meaning Windows 2000 or XP) is better.  Both of those versions of Windows use the SMBv1 service, which apparently isn’t affected by this.

So, what can I do?

At this time you have two main options.  The first is to go into your registry and disable the SMBv2 service.  The second is to go into your firewall and block ports 139 and 445, which are the two ports that the SMB service uses.  Blocking the ports on your computer will break a few things—including File and Printer Sharing.  I’ve inquired in the Microsoft Security forums for Windows Vista about whether blocking the port on your router or modem (assuming you’re on a broadband connection that uses NAT (the 192.168.x.x IP address)) will mitigate this vulnerability.  When I have an answer, I will post an update.
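Here is what those two workarounds look like as commands, as an added example that is not part of the original post.  It assumes an elevated (Run as administrator) prompt on Windows Vista or Server 2008.  The registry path and the Smb2 value name are the ones used by the “Disable SMB v2” workaround in the Microsoft advisory linked below; check them against the advisory before relying on them, since the post itself does not spell them out.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell or cmd prompt.
# Registry path/value are assumed to match the advisory's "Disable SMB v2" workaround.

# --- Option 1: disable SMBv2 (SMBv1 file sharing keeps working) ---
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v Smb2 /t REG_DWORD /d 0 /f

# The Server service must be restarted before the change takes effect.
# /y also stops services that depend on it (e.g. Computer Browser).
net stop server /y
net start server

# Verify: the Smb2 value should now read 0x0
reg query "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v Smb2

# --- Option 2: block the inbound SMB ports in Windows Firewall ---
# This stops other machines reaching the SMB service at all, so File and Printer
# Sharing to this computer stops working while the rules are in place.
netsh advfirewall firewall add rule name="Block inbound SMB 445" dir=in action=block protocol=TCP localport=445
netsh advfirewall firewall add rule name="Block inbound SMB 139" dir=in action=block protocol=TCP localport=139

# Verify the rules were created
netsh advfirewall firewall show rule name="Block inbound SMB 445"
netsh advfirewall firewall show rule name="Block inbound SMB 139"

# --- Undo (once the patch is installed) ---
# reg delete "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v Smb2 /f
# net stop server /y
# net start server
# netsh advfirewall firewall delete rule name="Block inbound SMB 445"
# netsh advfirewall firewall delete rule name="Block inbound SMB 139"
```

Pick one option or the other: disabling SMBv2 keeps sharing working (over SMBv1) for machines that still need it, while the firewall rules are the stronger choice for a laptop that roams onto networks you don’t control.  Either way, remember to undo the change after the patch is applied so you are not left running SMBv1 permanently.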

More information about this can be found at http://www.microsoft.com/technet/security/advisory/975497.mspx

Have a great day:)
Patrick.
