Patch/Configuration Management, Vulnerability Management

Researchers fret over new Microsoft SMB vulnerability

Hours after it released five fixes Tuesday as part of its monthly security update, Microsoft disclosed a new, unpatched vulnerability in its Server Message Block (SMB) network protocol, used to share files.

The flaw in SMB 2.0 could permit remote code execution, according to an advisory released Tuesday night. Microsoft said it was not aware of any active attacks leveraging the bug, present only in Windows Vista and Server 2008.

However, researcher Laurent Gaffie has posted proof-of-concept code to the Full Disclosure mailing list. He said the code could be used to crash any Vista or Windows 7 machine that has SMB enabled, resulting in the so-called "blue screen of death."

But experts disagreed, saying the flawed code does not appear to be in the final version Windows 7, scheduled for release on Oct. 22. Still, the problem concerns experts.

"I am of the opinion that it is very exploitable," Lurene Grenier, analyst team lead for Sourcefire's vulnerability research team, told on Wednesday.

She said businesses with properly configured firewalls should be protected against an attack. But while the vulnerability is unpatched, administrators should consider using an alternative protocol to share files.

"For the most part, organizations want [file-sharing] turned on on the server," Grenier said. "What you don't need is half of your company sharing documents through it when they can send those documents through email."

Ron Gula, CEO and CTO of Tenable Network Security, told on Wednesday that he expects Microsoft to deliver an out-of-band patch for the flaw, which he called a "virus candidate."

"This might be the first of many bugs [to affect SMB 2.0]," Gula said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.