Microsoft has now issued a Security Advisory [977544] about the SMB-related vulnerability that I mentioned on Thursday. The advisory confirms that, while the flaw can be exploited to cause a denial-of-service attack (by crashing the target system), it does not appear possible to use it to install software or otherwise take control of the target. Microsoft confirms that the affected systems are:
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems*
- Windows Server 2008 R2 for Itanium-based Systems
The exploit works when a vulnerable PC attempts to browse or otherwise access an SMB share on a “toxic” server.
The principal suggested workaround is to block TCP ports 139 and 445 at the network firewall. Port 139 is used by the NETBIOS Session Service, and port 445 by Microsoft CIFS. There is really no good reason I can think of that these ports should be visible from the outside world, generally speaking. Of course, if the bad guys are already inside your network firewall, you have a serious problem.
|
32-bit Systems |
|
Windows 7 for x64-based Systems |
|
Windows Server 2008 R2 for x64-based Systems* |
|
Windows Server 2008 R2 for Itanium-based Systems |
