Operating systems that are not affected include Windows XP, Windows 7 final and Windows Server 2003. No patch is currently available to fix the vulnerability. Microsoft has published workarounds to protect the operating system from possible attacks.

Disable SMB v2

To modify the registry key, perform the following steps:

Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the “Changing Keys And Values” Help topic in Registry Editor (Regedit.exe) or view the “Add and Delete Information in the Registry” and “Edit Registry Data” Help topics in Regedt32.exe.

1. Click Start, click Run, type Regedit in the Open box, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
3. Click LanmanServer.
4. Click Parameters.
5. Right-click to add a new DWORD (32 bit) Value.
6. Enter smb2 in the Name data field, and change the Value data field to 0.
7. Exit.
8. Restart the “Server” service by performing one of the following:
- Open up the computer management MMC, navigate to Services and Applications, click Services, right-click the Server service name and click Restart. Answer Yes in the pop-up menu.
- From a command prompt and with administrator privileges, type net stop server and then net start server.

Impact of workaround. Host will not be able to communicate using SMB2.

Block TCP ports 139 and 445 at the firewall

These ports are used to initiate a connection with the affected component. Blocking TCP ports 139 and 445 at the firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. Microsoft recommends that you block all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports. For more information about ports, see TCP and UDP Port Assignments.

Impact of Workaround: Several Windows services use the affected ports. Blocking connectivity to the ports may cause various applications or services to not function. Some of the applications or services that could be impacted are listed below:

• Applications that use SMB (CIFS)
• Applications that use mailslots or named pipes (RPC over SMB)
• Server (File and Print Sharing)
• Group Policy
• Net Logon
• Distributed File System (DFS)
• Terminal Server Licensing
• Print Spooler
• Computer Browser
• Remote Procedure Call Locator
• Fax Service
• Indexing Service
• Performance Logs and Alerts
• Systems Management Server
• License Logging Service

Users that are running one of the operating systems that are affected by the vulnerability are encouraged to use one of the workarounds to protect their computer systems. More information are available at the Microsoft Security Advisory page.

Related posts

• Windows Vista Editions – Do you know the differences ? (6)
• Windows 7 To Launch October 22 (5)
• Windows 7 Released (5)
• Windows 7 Price, Upgrades And Preorders (15)
• Windows 7 Features Video (4)

The security bulletin resolves three vulnerabilities in Microsoft Server Message Block (SMB) Protocol which could allow remote code execution on affected systems. An attacker could run programs, create new user accounts and view, change or delete data on the computer system. It is interesting to note that Windows 7 is affected as well even though it is not mentioned in the security bulletin.

The security vulnerability would be rated as moderate for the upcoming operating system which is why Microsoft will not provide a patch at the current time (They chose to only patch critical security vulnerabilities immediately). A patch will be released with the next public release of Windows 7.

Patches can be applied as usual through the various official update channels.

Related posts

• Offline Update 6 Adds Linux Support (3)
• Microsoft Security Updates April 2009 (2)
• Windows Update Fix (3)
• Microsoft Patch Day March 2009 (4)
• Windows XP Service Pack 3 Uxtheme.dll patch (41)