
Problems with SMB have persisted since Windows 7's RC phase

Windows 7 is arguably much more secure than its predecessor, Windows Vista, with more robust memory protections against attacks and with the wide availability of Microsoft's free antivirus suite, Microsoft Security Essentials.  Many possibly exploitable vulnerabilities were found and removed during the unprecedented public testing phase as well.

However, challenges remain for Windows 7.  A recent report found that the OS's UAC was less robust than Vista's and allowed 7 of 10 pieces of malware to be freely installed.  Now, following Microsoft's monthly Patch Tuesday, a familiar problem has returned.

The Windows SMB (Server Message Block) protocol has had problems ever since the discovery during the OS's public testing phase of a supposedly show-stopping bug that could, according to some sources, cause Windows 7 to blue screen.  Now another SMB bug, which throws Windows 7 into an infinite loop forcing a reset, has reared its ugly head.

The bug was publicized by researcher Laurent Gaffie on the Full Disclosure mailing list.  According to Tyler Reguly, Lead Security Research Engineer of security firm nCircle, the vast majority of home users are unlikely to be threatened by the bug.  The bug's main route of attack occurs when you type in the IP of a server in the search box and accidentally navigate to a Windows Share on a malicious server.  As most casual users are unlikely to have a clue how to navigate to server shares or even know what server shares are, chances are they won't be affected.

The vulnerability applies to both Windows 7 and Windows Server 2008 R2.  Currently there are no reports of attacks in the wild, but proof-of-concept attacks have been aired.  One key thing that makes this bug unlikely to be largely used by hackers is that it is unable to grant any sort of system access and can, in essence, only be used to create annoyance -- forcing the user to reset their machine.

It is also extremely easy to block external SMB traffic to rule out the chance of it swamping your machine.  Simply block ports 135 to 139 and 445 on your router or firewall and you'll prevent external SMB traffic from entering your system and potentially causing harm.  While this bug seems relatively harmless, given the history of problems with the SMB since the test candidate phase, it seems a good idea to put these blocks in place if you don't need to use SMB traffic to external sources.
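One way to confirm that the block is actually in effect, as an added example that is not part of the original article: run this from a machine inside your network against a host you control outside it. The script name and the three state labels are assumptions made for this sketch.

```python
import socket
import sys

# TCP ports named in the article: 135 to 139, plus 445.
# NetBIOS name and datagram services on 137-138 normally use UDP,
# which this TCP-only check does not cover.
SMB_PORTS = list(range(135, 140)) + [445]


def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt.

    "connected"   - handshake completed, so the port is not blocked
    "refused"     - the far end answered with a reset, so packets still
                    crossed the firewall (or the firewall itself rejects
                    with a reset instead of dropping)
    "no-response" - nothing came back, consistent with a drop rule
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeouts and unreachable errors land here
        return "no-response"


def audit(host, ports=SMB_PORTS, timeout=3.0):
    """Return {port: state} for every port checked."""
    return {port: probe(host, port, timeout) for port in ports}


def leaking_ports(results):
    """Ports on which an answer came back from the other side."""
    return sorted(p for p, state in results.items() if state != "no-response")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: smb_egress_check.py <ip-of-your-own-outside-host>")
    results = audit(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"tcp/{port}: {state}")
    # Non-zero exit status if any port still gets through.
    sys.exit(1 if leaking_ports(results) else 0)
```

Pass an IP address rather than a hostname, since a failed name lookup is also reported as "no-response".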

Even if you block the ports, there is still a remote chance that you could be affected, via viewing a webpage in Internet Explorer.  States Mr. Gaffie, "There is an Internet Explorer-based attack vector. By including a file stored on a share in the HTML of the web page the flaw can be triggered. But, once again the result is a denial of service."

Using Firefox, Chrome, Opera, or another third-party browser may help negate this route of attack.

Microsoft is currently investigating the bug.  It bills Windows 7 as its most secure operating system to date and has committed itself to fight tough in the war against malicious users.


Comments

RE: Who Cares?
By William Gaatjes on 11/15/2009 4:40:15 AM , Rating: 2
quote:
I'd go so far as to suggest it's inevitable that bugs will be found.


I am happy not everybody thinks like that. Or humanity will fail. For "look at me" items that have to be manufactured as cheap as possible it is inevitable that software flaws arise. Cost cutting decisions to create profit have that effect. However, when it needs to work, it will just work. Proper coding delivers proper material. And the first thing new programmers should learn is that when there is communication, there is a parser checking the format of the used communication protocol. Making sure there are boundaries that cannot be crossed.














Copyright 2014 DailyTech LLC.