Microsoft Investigating Windows 7 SMB Crash Bug

Published by: PC World
Written by: Erik Larkin

A new security advisory from Microsoft shines the light on a denial-of-service bug in Windows 7 and Server 2008 that could be hit to crash the system but not cause other harm.

The flaw in the Server Message Block (SMB) protocol only affects Windows 7 and Server 2008, and is unrelated to the previously fixed MS09-050 flaw affecting SMBv2, according to the Internet Storm Center. Microsoft says it does not yet know of any attacks against the flaw, but it has seen "public, detailed exploit code that would cause a system to stop functioning or become unreliable." A patch is not yet availabe.

In addition to sending a specially crafted attack packet from another computer on the network, an attacker could also target the flaw via a malicious Web site. Browsing the site could force a vulnerable system to make an SMB connection to an attacker-controlled server, which would crash the system "regardless of browser type," according to the security advisory.

Currently, the vulnerability only allows for freezing the system, which then requires a manual reboot. It does not allow for running commands or installing malware. Closing off ports 139 and 445 at the firewall may protect against potential attack, according to the advisory, but blocking off the ports entirely would also block file- and printer-sharing in your own network.

"*" indicates required fields