Microsoft released a security advisory yesterday that describes a new security vulnerability affecting several Microsoft operating systems.
The article, which was posted only a few hours after the release of security patches for this month's patch-day affects the Microsoft Server Message Block (SMB) implementation.
The operating systems that are affected by the new vulnerability are Windows Vista, Windows Server 2008 and the Windows 7 Release Candidate.
Operating systems that are not affected include Windows XP, Windows 7 final and Windows Server 2003. No patch is currently available to fix the vulnerability. Microsoft has published workarounds to protect the operating system from possible attacks.
Disable SMB v2
To modify the registry key, perform the following steps:
Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.
1. Click Start, click Run, type Regedit in the Open box, and then click OK.
2. Locate and then click the following registry subkey:
3. Click LanmanServer.
4. Click Parameters.
5. Right-click to add a new DWORD (32 bit) Value.
6. Enter smb2 in the Name data field, and change the Value data field to 0.
8. Restart the "Server" service by performing one of the following:
- Open up the computer management MMC, navigate to Services and Applications, click Services, right-click the Server service name and click Restart. Answer Yes in the pop-up menu.
- From a command prompt and with administrator privileges, type net stop server and then net start server.
Impact of workaround. Host will not be able to communicate using SMB2.
Block TCP ports 139 and 445 at the firewall
These ports are used to initiate a connection with the affected component. Blocking TCP ports 139 and 445 at the firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. Microsoft recommends that you block all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports. For more information about ports, see TCP and UDP Port Assignments.
Impact of Workaround: Several Windows services use the affected ports. Blocking connectivity to the ports may cause various applications or services to not function. Some of the applications or services that could be impacted are listed below:
• Applications that use SMB (CIFS)
• Applications that use mailslots or named pipes (RPC over SMB)
• Server (File and Print Sharing)
• Group Policy
• Net Logon
• Distributed File System (DFS)
• Terminal Server Licensing
• Print Spooler
• Computer Browser
• Remote Procedure Call Locator
• Fax Service
• Indexing Service
• Performance Logs and Alerts
• Systems Management Server
• License Logging Service
Users who are running one of the operating systems that are affected by the vulnerability are encouraged to use one of the workarounds to protect their computer systems. More information are available at the Microsoft Security Advisory page.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.