Microsoft releases temporary fix for SMB2 zero-day vulnerability

By Robert Westervelt, News Editor 22 Sep 2009 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Microsoft updated a security advisory releasing an automated fix that temporarily disables the Server Message Block (SMB) until a patch is released correcting a zero-day vulnerability in SMB2 on Windows Vista and Server 2008 operating systems.

Exploit code targeting the flaws was released to customers of penetration testing firm Immunity Inc. Initial proof of concept code, which is widely available resulted in a system crash, but a subsequent update to the code enables an attacker to gain access and take full control of a computer.

Microsoft issued a security advisory Sept. 8, warning that the code had surfaced and was targeting certain SMB implementations. The SMB is used in Windows to communicate messages to devices on the network and for file sharing and communicating with printers.

The fix-it code was released late last week and automatically disables SMB. It applies to Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2 and Windows Vista Service Pack 1. A manual workaround is also available. An IT professional can use registry editor to disable certain registry keys. But Microsoft warns that using the editor incorrectly could cause serious problems that may require a complete reinstall of the operating system. Disabling SMB2 may slow down traffic between Windows Vista and Windows Server 2008 machines, Microsoft said.

SearchSecurity radio:

In a blog entry, Microsoft Security Response Center engineers Mark Wodrich and Jonathan Ness said they are not aware of any in-the-wild exploits or real-world attacks.

"The product team has built packages and are hard at work testing now to ensure quality," the researchers wrote. "For this update, the product team has so far already completed over 10,000 separate test cases in their regression testing. They are now in stress testing, third-party application testing and fuzzing."

Tags: Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS Microsoft patches serious Windows kernel flaws Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary