A current zero-day in the MS SMB2 protocol deserves attention.
… Our investigation has shown that Windows Vista, Windows Server 2008 and Windows 7 RC are affected by this vulnerability. Windows 7 RTM, Windows Server 2008 R2, Windows XP and Windows 2000 are not affected by this vulnerability. … [1]
… The exploit needs no authentication, only file sharing enabled, with one packet to create a BSOD. We recommend filtering access to port TCP 445 with a firewall. … [3]
NOT AFFECTED:
For our SOE, from Microsoft Security Advisory (975497) [2]
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2 (SP3 ?)
[1] Microsoft Security Advisory 975497 Released (2009-Sep-08) [MS: MSRC]
[2] Vulnerabilities in SMB Could Allow Remote Code Execution (2009-Sep-08) [MS]
[3] Vista/2008/Windows 7 SMB2 BSOD 0Day (2009-Sep-08) [SANS]
[4] CVE-2009-3103 (2009-Sep-08) [CVE]

Fixes are now available for this issue:
Microsoft Security Advisory: Vulnerabilities in SMB could allow remote code execution
http://support.microsoft.com/kb/975497
* Microsoft Fix it 50304
* Microsoft Fix it 50307
Update on the SMB vulnerability situation
http://blogs.technet.com/srd/archive/2009/09/18/update-on-the-smb-vulnerability.aspx
… Until the security update is released, the best way to protect systems from this vulnerability is to disable support for version 2 of the SMB protocol. The security advisory was updated yesterday with a link to the Microsoft Fix It package that disables SMBv2 and then stops and starts the Server service. …
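
To check the filtering of TCP 445 recommended in the SANS note quoted earlier, this added example (not from the original post or the cited advisories) audits text saved from `netsh advfirewall firewall show rule name=all` for enabled inbound allow rules that open port 445 to any remote address. The English field names and the sample rules are assumptions constructed for illustration.

```python
def parse_rules(text):
    """Split `netsh advfirewall firewall show rule name=all` text into dicts."""
    rules = []
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if not sep:  # blank lines and the dashed separator row
            continue
        if key.strip() == "Rule Name":  # every rule block opens with its name
            rules.append({})
        if rules:
            rules[-1][key.strip()] = val.strip()
    return rules


def covers_port(spec, port=445):
    """True if a LocalPort value ('Any', '445', '139,445', '400-500') includes port."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        hi = hi or lo
        if lo.lower() == "any":
            return True
        if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
            return True
    return False


def exposed_smb_rules(text, port=445):
    """Names of enabled inbound allow rules opening TCP `port` to any remote IP."""
    return [r["Rule Name"] for r in parse_rules(text)
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow" and r.get("RemoteIP") == "Any"
            and r.get("Protocol") in ("TCP", "Any")
            and covers_port(r.get("LocalPort", "Any"), port)]


def _block(name, enabled, remote, ports):
    """One constructed rule block in the assumed netsh field layout."""
    return (f"Rule Name:   {name}\n{'-' * 40}\nEnabled:   {enabled}\n"
            f"Direction:   In\nRemoteIP:   {remote}\nProtocol:   TCP\n"
            f"LocalPort:   {ports}\nAction:   Allow\n")


# Constructed sample rules, not taken from a real host.
SAMPLE = "\n".join([
    _block("File and Printer Sharing (SMB-In)", "Yes", "Any", "445"),
    _block("SMB from admin subnet", "Yes", "10.0.5.0/255.255.255.0", "139,445"),
    _block("Legacy port range", "Yes", "Any", "400-500"),
    _block("Disabled SMB rule", "No", "Any", "445"),
])
```

Rules that the audit returns are the ones to restrict or disable; a rule scoped to a specific RemoteIP or left disabled is not reported.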