HOME > Security Info
| No. | Title | Date | ||
|---|---|---|---|---|
| 17 | Microsoft Security Advisory for September | 09/10/09 |
1. Microsoft Security Advisory (975497)
Vulnerabilities in SMB Could Allow Remote Code Execution
1. Summary
In case of clients which is installed below affected software or server's SMB2 module receives specially modified SMB packets, remote code execution or BSOD could happen easily. By exploiting this method, attacker could have authority same as local users.
2. Affected Softwares
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
3. Suggest for temporary solution
Due to the patches for this vulnerability haven't released yet, there is a temporary solution which is blocking TCP 139, 445 ports by using Firewall.
(TCP 139, 445 ports are used for network file/printer shared protocol in Microsoft Windows, thus after blocking the ports, user can't use the network file/printer shared functions and even SMB used softwares, either.)
Link: http://www.microsoft.com/technet/security/advisory/975497.mspx
