Protection against SMB 2.0 Critical 0-Day Exploits via Forefront TMG NIS

Microsoft has added protection against exploits targeting a vulnerability in the Server Message Block (SMB) implementation in mere hours. However, only customers running the Forefront TMG Network Inspection System can breathe easy. The Redmond-based company informed that the protection against the Critical zero-day vulnerability in SMB 2.0 was the first 0-Day signature release ever introduced to Forefront TMG NIS, according to Avi Ben-Menahem, Group Manager, Network Inspection System.

“In a matter of hours we completed root-cause analysis, signature development, testing and publishing of a new signature snapshot. During this process, which is driven by the Microsoft Malware Protection Center (MMPC), the team was able to demonstrate the agility of the core NIS technology and exercise the technologies and tools built over time to release a signature for the Vuln:Win/SMB2.Srv2.DoS!2009-3103 vulnerability in just a few hours,” Ben-Menahem revealed.

The software giant released a security advisory on September 8th, 2009, informing end users of the fact that details on a previously unknown vulnerability affecting SMB 2.0 were available in the wild. At the time of the original announcement, Microsoft noted that it had not detected any attacks exploiting the security flaw. This detail has not changed since.

Windows Vista, Windows Server 2008 and Windows 7 RC have all been confirmed as affected by the vulnerability, unlike Windows 7 RTM, Windows Server 2008 R2, Windows XP and Windows 2000. Customers running Forefront TMG Network Inspection System are also safe from potential exploits.

“A remote code execution vulnerability that exists in the way that Microsoft Server Message Block 2 (SMB2) Protocol parses SMB negotiation requests surfaced and immediately became a candidate for a NIS signature. As described by the Microsoft Security Response Center (MSRC) advisory the severity of the vulnerability is critical and the potential damage from an exploit of the vulnerability is significant, which emphasized the need for a technology such as NIS for our customers,” Ben-Menahem added.