From SecurityFocus:
An independent security consultant publicized this week the details to a critical flaw in the server message block version 2 (SMB2) component of Microsoft’s Windows Vista, Windows Server 2008, and the release candidate for Windows 7.
The researcher, Laurent Gaffié, claimed in his advisory that the vulnerability causes a Blue Screen of Death, a pernicious crash on Windows systems, but other researchers have subsequently concluded that the flaw is actually remotely exploitable, a more serious issue.
And more from the same source (different article):
In December 2007, Microsoft patched the file- and printer-sharing functionality in Windows Vista to fix a medium-severity vulnerability. Unfortunately, the company inadvertently added a critical flaw, a security researcher said on Friday.
In an e-mail interview with SecurityFocus, Laurent Gaffié — the researcher that disclosed a critical flaw in Microsoft’s Server Message Block (SMB) version 2 code earlier this week — said that further research pinpointed the specific patch that added the vulnerability to Windows Vista. The patch, which fixed a remote execution flaw in SMBv2 signing, was rated Important by Microsoft because the vulnerable feature was not turned on by default. The vulnerability that the patch allegedly introduced could allow an attacker to exploit an affected system in its default configuration, which usually merits a Critical rating from Microsoft.
So, it seems that Microsoft has shipped yet another remotely exploitable security hole in their operating system(s). Hopefully it won’t be wormable to any greater extent, but we’ll find that out real soon.
This helps illustrate the point I tried to make in my last post, that no client machines can be trusted. They are all compromised sooner or later.
Also, if you are trying to be compliant with some policy, your risk ratings just peaked if you are using Vista, in particular if you have mobile workstations being carried in and out of your network. How do you manage that threat? Firewall ports 139 and 445 on all clients, thereby losing the possibility of remote administration and breaking functionality that might be needed by your business systems?
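One middle ground between "block 139/445 everywhere" and "leave SMB open" is to keep the client firewall's default inbound action at Block, switch off the built-in File and Printer Sharing allow rules, and re-allow SMB only from the subnet your administrators actually work from. The following is an added example, not something from the original post or from Microsoft's guidance for this flaw; it uses the netsh advfirewall commands available on Vista and assumes a hypothetical management subnet of 10.0.0.0/24, which you would replace with your own.

```powershell
# Added example (not from the original post): scope inbound SMB on a Vista
# client to a management subnet instead of blocking it outright.
# Assumption: 10.0.0.0/24 is a hypothetical admin/management subnet; adjust it.
# Run from an elevated prompt.

# 1. Default inbound action = Block on every profile (domain, private, public),
#    so only explicit allow rules let traffic in. Windows Firewall evaluates
#    explicit Block rules before Allow rules, so we rely on the default action
#    rather than adding a Block rule that would also defeat the scoped allow.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 2. Disable the built-in "File and Printer Sharing" rule group, which
#    otherwise opens TCP 139/445 (and the NetBIOS UDP ports) to any remote host.
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=no

# 3. Re-allow TCP 139/445 inbound only from the management subnet, on every
#    profile, so a laptop still accepts remote administration from there when
#    it is on the corporate network, while other hosts (including a hostile
#    machine on a hotel or home LAN) cannot reach the SMB2 listener at all.
netsh advfirewall firewall add rule name="SMB-In (management subnet only)" dir=in action=allow protocol=TCP localport=139,445 remoteip=10.0.0.0/24 profile=any

# 4. Verify: the built-in SMB rule should show "Enabled: No" and the scoped
#    rule should show "Enabled: Yes" with RemoteIP limited to the subnet.
netsh advfirewall firewall show rule name="File and Printer Sharing (SMB-In)"
netsh advfirewall firewall show rule name="SMB-In (management subnet only)"
```

Two caveats a practitioner would want: scoping by source address only shrinks the set of hosts that can reach the vulnerable service, it does not fix the service, so a compromised machine inside the management subnet can still exploit it; and if your business systems need SMB from other sources, they need their own scoped allow rules rather than a return to the unrestricted default. Push the rules with Group Policy rather than by hand so that the mobile workstations mentioned above get them before they leave the building.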
And this is just one hole. I sure hope that you have control over the Acrobat Reader and Flash installations on your clients.


