Publishes Security Advisory 977544

Nov 14, 2009 12:04 GMT  ·  By

Microsoft has reacted rapidly to public reports of a zero-day denial-of-service vulnerability in its latest iterations of the Windows client and server operating systems, and is providing customers with guidance on how to block potential attempts to take advantage of the security flaw. In this regard, the Redmond company has underlined that no exploits or attacks have been detected for the denial-of-service (DoS) hole in the Microsoft Server Message Block (SMB) Protocol impacting both SMBv1 and SMBv2 in Windows 7 and Windows Server 2008 R2. However, Proof of Concept (PoC) code was irresponsibly published in the wild, making it extremely easy for attackers to build exploits putting at risk users of Windows 7.

“Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable. If exploited, this DoS vulnerability would not allow an attacker to take control of, or install malware on, the customer’s system but could cause the affected system to stop responding until manually restarted. It is important to note that the default firewall settings on Windows 7 will help block attempts to exploit this issue,” Dave Forstrom, group manager, public relations, Microsoft Trustworthy Computing, revealed. “The company is not aware of attacks to exploit the reported vulnerability at this time.”

Users currently running Windows 7 and Windows Server 2008 R2 need to know that Microsoft published Security Advisory 977544, in response to the details available in the wild of the DoS vulnerability. The advisory contains a section titled Workarounds, which advices Windows 7 customers to block TCP ports 139 and 445 at the firewall in order to bulletproof their systems against potential attacks.

“While Microsoft is not currently aware of active attacks, the company recommends customers review and implement the workarounds outlined in the advisory until a comprehensive security update is released,” Forstrom explained. Microsoft confirmed that the vulnerability was Windows 7-specific and that users running Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003 and Windows 2000 were not affected.