Patch Management

Microsoft releases workaround for SMB security flaw

September 21, 2009

Microsoft has released a quick fix for the Server Message Block Version 2 (SMBv2) vulnerability affecting Windows Vista and Windows Server 2008.

In explaining the fix, Mark Wodrich and Jonathan Ness, researchers with the Microsoft Security Response Center (MSRC) engineering team, wrote in a post Friday on the Microsoft Security Research & Defense blog that “…we are aware of exploit code…We have analyzed the code ourselves and can confirm that it works reliably against 32-bit Windows Vista and Windows Server 2008 systems.”

A successful exploit allows an unauthenticated user to gain complete control of the targeted system, they said.

No official patch has been issued for the problem, but the researchers promise one soon. Microsoft's next planned security update is scheduled for Oct. 13, but the company has issued a number of out-of-band patches in recent years.

The blog post goes on to say that until a proper security update is released, the best way to protect systems is to disable support for the SMBv2 protocol or block TCP ports 139 and 445 at the machine's firewall.

The post has a link to a “Microsoft Fix It” package that disables SMBv2 and then stops and starts the server service.

Microsoft also offered a status update on progress toward an official remedy.

“For this update, the product team has so far already completed over 10,000 separate test cases in their regression testing,” the post said. “They are now in stress testing, third-party application testing and fuzzing.”

The good news is that the exploit can be detected by intrusion detection systems (IDS) and firewalls that have signatures for the vulnerability being targeted, according to Microsoft.
