Neither do Vista and Windows Server 2008

Sep 9, 2009 13:52 GMT  ·  By

Microsoft has confirmed that a zero-day vulnerability in the Server Message Block (SMB) protocol could allow remote code execution if it is successfully exploited. The company said that several Windows releases are affected, but not Windows 7 RTM Build 6.1.7600.16385 or the gold (RTM) milestone of Windows Server 2008 R2. Microsoft also noted that it had not detected any attacks targeting this specific SMB 2.0 flaw and that it was not aware of any customer impact.

In addition to Windows 7 RTM and Windows Server 2008 R2, the software giant revealed that customers running Windows XP and Windows 2000 are likewise not affected by the 0-day security hole. The same is not true of Windows Vista RTM/SP1/SP2 and Windows Server 2008 RTM/SP1/SP2. And while Windows 7 RTM does not contain the vulnerable code, the Release Candidate, Build 7100, did not dodge the vulnerability. This means that testers running Windows 7 RC are just as exposed to potential attacks, if any, as users of Vista and Windows Server 2008.

“Microsoft is not currently aware of any attacks using this vulnerability. Microsoft recommends customers [to] review and implement the workarounds outlined in the security advisory. More information on suggested actions can also be found in Microsoft Knowledge Base Article 975497. While these workarounds do not completely mitigate the threat, we’re currently investigating the issue as part of our Software Security Incident Response Process (SSIRP) and working to develop a security update. This update will be released once it reaches an appropriate level of quality for broad distribution,” promised Christopher Budd, security response communications lead for Microsoft.

At the time of writing this article, KB975497 wasn’t live, but I am sure that Microsoft will correct this aspect soon. Meanwhile, the company has enumerated a number of workarounds in Microsoft Security Advisory (975497), which can be applied immediately. Vista, Windows Server 2008 and Windows 7 RC users can disable SMB v2 and block TCP ports 139 and 445 at the firewall. But as I have already stated, no attacks were detected leveraging exploits designed to take advantage of this specific SMB 2.0 zero-day vulnerability.
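A scripted form of the two workarounds named above, added here as an example that is not part of the original article or of Microsoft's advisory text. It assumes an elevated PowerShell 2.0 session on Vista, Server 2008 or Windows 7 RC, and uses the Smb2 DWORD under LanmanServer\Parameters, which is Microsoft's documented server-side SMB 2.0 switch but is not named on this page; the firewall rule name is our own choice.

```powershell
# Added example: apply the advisory 975497 workarounds, then read the state
# back so the change can be verified rather than assumed.
# Assumption: Smb2 = 0 under LanmanServer\Parameters turns SMB 2.0 off on the
# server side (Microsoft's documented switch; not quoted in the article).

$smbParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName  = 'Block SMB TCP 139-445 (advisory 975497 workaround)'

function Disable-Smb2Server {
    # 0 = SMB 2.0 disabled; peers negotiate down to SMB 1 instead.
    Set-ItemProperty -Path $smbParams -Name 'Smb2' -Type DWord -Value 0 -Force
    # The Server service must restart for the value to take effect; -Force
    # also bounces dependents such as Computer Browser.
    Restart-Service -Name 'LanmanServer' -Force
}

function Block-SmbPorts {
    # Inbound block for NetBIOS session (139) and direct-hosted SMB (445).
    # netsh is used because Vista/2008 ship without the NetSecurity cmdlets.
    # Note: this also stops legitimate file and print sharing on the host.
    netsh advfirewall firewall add rule name="$ruleName" dir=in action=block `
        protocol=TCP localport=139,445 | Out-Null
}

function Test-Workarounds {
    # Returns one object with a boolean per workaround, for reporting.
    $smb2 = (Get-ItemProperty -Path $smbParams -Name 'Smb2' `
             -ErrorAction SilentlyContinue).Smb2
    $rule = netsh advfirewall firewall show rule name="$ruleName"
    New-Object PSObject -Property @{
        Smb2Disabled = ($smb2 -eq 0)
        PortsBlocked = [bool]($rule -match '^Action:\s+Block')
    }
}

Disable-Smb2Server
Block-SmbPorts
Test-Workarounds
```

Reverse both changes once the security update is installed: delete the firewall rule with `netsh advfirewall firewall delete rule name="$ruleName"` and set Smb2 back to 1 (or remove the value) before restarting the Server service again.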

“Also, this vulnerability was not responsibly disclosed to Microsoft and may put computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed,” Budd added.