Wednesday, September 9, 2009

SMB2 - Breaking Windows From Afar

Announcements have been making the rounds about vulnerabilities in SMB2, the implementation of SMB in Windows Vista and Windows 7. As posted on Full Disclosure, "SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality", which results in a remotely initiated crash for any Vista or Windows 7 machine with exposed SMB services.

Older versions of Windows, including 2000 and XP, are not affected, as they do not use the new SRV2.SYS driver.

This is another good reminder that SMB shouldn't be exposed on workstations in general and that, if it must be available, it should be locked down to prevent access beyond your local trusted networks or workgroup.
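
One way to check that the lockdown described above actually holds, as an added example that is not part of the original post: it scans Windows Firewall log text for inbound SMB connections that were allowed from outside a trusted network. The trusted range, the sample log lines and the function name are constructed assumptions, and the columns are read from the log's own `#Fields:` header.

```python
import ipaddress

# Assumption: the networks you consider trusted; adjust to your site.
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]
SMB_PORTS = {"139", "445"}  # NetBIOS session service and direct-hosted SMB

# Constructed sample in the Windows Firewall log layout (pfirewall.log).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2009-09-09 10:01:12 ALLOW TCP 192.168.10.23 192.168.10.5 49211 445 0 - 0 0 0 - - - RECEIVE
2009-09-09 10:02:40 ALLOW TCP 203.0.113.77 192.168.10.5 51402 445 0 - 0 0 0 - - - RECEIVE
2009-09-09 10:03:05 DROP TCP 198.51.100.9 192.168.10.5 40111 445 0 - 0 0 0 - - - RECEIVE
2009-09-09 10:04:19 ALLOW TCP 192.168.10.5 192.168.10.40 49300 445 0 - 0 0 0 - - - SEND
2009-09-09 10:05:55 ALLOW TCP 10.1.2.3 192.168.10.5 50100 139 0 - 0 0 0 - - - RECEIVE
2009-09-09 10:06:01 ALLOW TCP 203.0.113.77 192.168.10.5 51500 80 0 - 0 0 0 - - - RECEIVE
"""

def untrusted_smb_allows(log_text, trusted=TRUSTED_NETS):
    """Return (timestamp, src_ip, dst_port) for inbound SMB connections that
    the firewall allowed from an address outside the trusted networks."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names follow the tag
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Keep only inbound traffic that got through; a log without a
        # "path" column is treated as inbound.
        if row.get("action") != "ALLOW" or row.get("path", "RECEIVE") != "RECEIVE":
            continue
        if row.get("protocol") != "TCP" or row.get("dst-port") not in SMB_PORTS:
            continue
        try:
            src = ipaddress.ip_address(row["src-ip"])
        except (KeyError, ValueError):
            continue                       # malformed row: skip rather than crash
        if not any(src in net for net in trusted):
            hits.append((f"{row['date']} {row['time']}", str(src), row["dst-port"]))
    return hits

if __name__ == "__main__":
    for ts, src, port in untrusted_smb_allows(SAMPLE_LOG):
        print(f"{ts}  SMB reachable from untrusted {src} on port {port}")
```

An empty result only means the log shows no allowed outside connections; it proves nothing if the firewall is not logging allowed connections.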

