A new security vulnerability involving the Server Message Block protocol, used for Windows file-sharing, can allow a remote attacker to take control of a vulnerable Vista, Server 2008 or Windows 7 RC computer, in addition to causing it to crash as previously reported.
Security researchers found that the bug could be hit to cause the venerable Blue Screen of Death computer crash if a PC has file sharing enabled. But in Security Advisory 975497, released yesterday, Microsoft wrote that “an attacker who successfully exploited this vulnerability could take complete control of an affected system. Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart.”
A hole that allows for assuming control of a computer from across a network is about as bad as it gets, and I’ve asked for confirmation from Microsoft that this is in fact possible with this SMB flaw. Windows XP, 2000 and Server 2008 R2 are not at risk, nor is Windows 7 RTM.
Microsoft says that it is not yet aware of active attacks, but if they do come, they’ll consist of network traffic sent to ports 139 and/or 445 on the victim PC. A firewall that blocks access to those ports will mitigate the threat, and the majority of home users should already have a firewall in place that blocks attempts to reach those ports from the Internet. However, the flaw could allow to-be-created worms to spread rapidly among business networks that typically allow widespread file sharing.
Given the high risk, Microsoft may well release an out-of-bands patch to close this serious hole. In the meantime, its security advisory lists a workaround to disable SMB v2 by editing the registry. Doing so would presumably disable file sharing, and should probably only be attempted by IT admins and other techies. The other option is to block all access to those ports at the firewall (which would also block file-sharing), and then re-enable access after applying an eventual patch.