SMB2 Flaw Can Cause Remote Crashes on Windows Vista, Server 2008Category: Operating Systems
Posted: September 9, 2009 01:12PM
A flaw in Microsoft's implementation of the Server Message Block 2 protocol could allow computers running Windows Vista or Server 2008 (but not R2) to be crashed and restarted remotely. Microsoft has noted that these are the only OS versions affected, though apparently the problem is also present in the Windows 7 RC. The vulnerability is caused by the implementation of the SMB protocol not correctly parsing negotiation requests, which will likely result in the system becoming unresponsive and restarting. However, in some cases it could potentially lead to an attacker gaining control of the affected system. A security update is currently in the works, but if you want to do something about it in the mean time, Microsoft is recommending disabling SMB v2 and blocking TCP ports 139 and 445 (though if you are serious about security you are probably blocking all unsolicited inbound traffic already, right?).