Vista/2008/Windows 7 SMB2 BSD 0Day

quote:

We have confirmed it affects Windows 7/Vista/Server 2008. The exploit needs no authentication, only file sharing enabled with one 1 packet to create a BSOD.

http://isc.sans.org/diary.html?storyid=7093

Hi nmb,

Windows XP is not affected because it does not have the driver. For the Operational Systems affected the standard advice of blocking ports 139 and 445 is pretty solid here, and another option for people (a standard step I take before attending any conferences) is to disable the server service,

polonus

yup… generally those server services are never used by novices… but are enabled buy default…

Microsoft Releases A “Fix it” Workaround For SMBv2 Vulnerability:

http://support.microsoft.com/kb/975497

or

http://blogs.technet.com/srd/archive/2009/09/18/update-on-the-smb-vulnerability.aspx

[via isc]