Thursday, September 10, 2009
Race is On to Patch Critical Windows Flaw
The flaw impacts Windows Vista and Windows Server 2008 systems. Windows Server 2008 R2 is not affected, and Microsoft resolved the flaw in the RTM (release to manufacturing) version of Windows 7, but systems using the Windows 7 RC (release candidate) are vulnerable as well.
The issue lies in the Windows network file sharing protocol, SMB (Server Message Block). Initial proof-of-concept attacks simply resulted in system crashes: the infamous (or is it notorious?) Blue Screen of Death. However, security experts have since determined that it is possible to leverage this flaw to execute malicious code remotely on vulnerable systems, and Microsoft updated its Security Advisory to acknowledge the potential threat.
Microsoft will certainly be rushing to develop, test, and release a patch for affected systems. That means the clock is ticking and the race is on. Malware developers have a window of opportunity to take advantage of this vulnerability and develop a Conficker-like worm able to spread and infect systems without any user intervention.
The fact that this vulnerability is limited to Windows Vista (and Windows 7 RC) desktops means that only about 30 percent of Windows desktops are potential targets. For once, the sluggish adoption of Windows Vista is a good thing.
If you are using Windows Vista (or Windows 7 RC), you need to take some steps to protect yourself during the window of opportunity. You don't want to get caught with your proverbial pants down while waiting for a patch from Microsoft.
The simplest solution would seem to be to upgrade. Microsoft made evaluation versions of Windows 7 RTM available last week. You could download the evaluation and upgrade, but be warned that you will have to actually buy Windows 7 by the time your evaluation period is up, and that moving from the evaluation to the official release requires installing everything from scratch.
If upgrading seems like too much of a burden, or just doesn't seem practical for you, there are some other mitigating steps you can take. First, you can disable the SMB service on vulnerable systems. Doing so will protect the system from any potential exploit of this vulnerability, but will also prevent the system from being able to access network resources.
Another solution is to ensure that TCP ports 139 and 445 are blocked at the network firewall. This solution will prevent SMB traffic from external sources while still allowing the vulnerable systems to access network resources internally.
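As an added example (not part of the original post), the script below applies the same two mitigations on the vulnerable host itself rather than at the perimeter: it blocks inbound TCP 139 and 445 in the Windows Firewall, optionally stops and disables the SMB server service, and then reports the resulting state. It assumes an elevated PowerShell prompt on Vista or Windows 7 RC, where `netsh advfirewall` and `sc.exe` are available; the rule name is a constructed placeholder.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# -DisableServerService selects the more disruptive option the post describes
# (turning the SMB service off); without it, only the firewall rules are added.
param([switch]$DisableServerService)

$ruleName = "Block inbound SMB pending patch"   # constructed rule name, rename freely

# Mitigation 2 from the post, applied on the host: block inbound SMB (TCP 139/445).
# Outbound SMB stays open, so the machine can still reach internal file shares.
foreach ($port in 139, 445) {
    netsh advfirewall firewall add rule name="$ruleName $port" `
        dir=in action=block protocol=TCP localport=$port | Out-Null
}

# Mitigation 1 from the post: stop and disable the SMB server service
# ("Server", service name LanmanServer), so nothing serves shares at all.
if ($DisableServerService) {
    sc.exe stop LanmanServer | Out-Null
    sc.exe config LanmanServer start= disabled | Out-Null
}

# Verification: show the rules that were created and whether anything is still
# listening on the SMB ports (a LISTENING entry is expected unless the service
# was disabled; the firewall rule is what stops remote connections reaching it).
foreach ($port in 139, 445) {
    netsh advfirewall firewall show rule name="$ruleName $port"
}
netstat -ano | Select-String ':(139|445)\s'
sc.exe query LanmanServer | Select-String 'STATE'
```

A perimeter block alone does not stop a worm that is already inside the LAN (for example, on a laptop brought in from outside), so the host-level rule is worth applying on every Vista or Windows 7 RC machine until the patch is installed.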