On Tuesday, some no-good hackers decided to post a vulnerability, complete with a proof-of-concept Python script, that can remotely crash any Windows-based computer that has the SMB 2.0 network protocol enabled, which includes any system running Windows Vista or later. So, like anybody with a bunch of free time would do, I cracked open a couple of VMs and had some BSoD fun with Vista, but noticed that 7 didn’t budge whenever I sent the exploit packets, so I suspected that they probably tested the RC version against this exploit.
Well, my gut feeling was right, and Microsoft released a security advisory later that day stating that it only affected Windows Vista and Server 2008, as well as the Windows 7 RC, but no mention of the 7 RTM (or Server 2008 R2). Plus, the scope was narrowed further when it was revealed that Public network locations were unaffected (they blocked incoming connections anyway). So nothing that bad to get riled over.
Of course, until a hotfix is released, if you’d like to completely protect yourself from the exploit, you can follow the directions to either:
- Block ports 139 and 445 from inbound connections using a firewall
- Disable the SMB2 driver
- Both (why not? unless you’re actively using file/printer sharing)
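
For reference, here is one way to apply both workarounds from an elevated command prompt on Vista or Server 2008. This is an added example, not taken from the advisory text or the original post; the firewall rule name is an arbitrary label, and the `Smb2` value under `LanmanServer\Parameters` is the standard registry switch for the SMB2 server component.

```bat
@echo off
rem Added example: temporary SMB2 workarounds for Vista / Server 2008.
rem Must be run from an elevated (Administrator) command prompt.

set RULE=Block inbound SMB (temporary)
set KEY=HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

rem 1. Block inbound TCP 139 and 445 in Windows Firewall (all profiles).
netsh advfirewall firewall add rule name="%RULE%" dir=in action=block protocol=TCP localport=139,445
if errorlevel 1 (
    echo Could not add the firewall rule. Is this prompt elevated?
    exit /b 1
)

rem 2. Turn off the SMB2 server component; SMB1 file sharing keeps working.
reg add "%KEY%" /v Smb2 /t REG_DWORD /d 0 /f
if errorlevel 1 (
    echo Could not write the Smb2 registry value.
    exit /b 1
)

rem 3. Restart the Server service so the registry change takes effect.
rem    /y also stops dependent services (for example Computer Browser);
rem    they are not restarted here, so a reboot is the simpler option
rem    on machines that rely on them.
net stop server /y
net start server

rem 4. Verify both settings.
netsh advfirewall firewall show rule name="%RULE%"
reg query "%KEY%" /v Smb2
```

Once the hotfix is installed, undo the changes by setting `Smb2` back to 1 and removing the rule with `netsh advfirewall firewall delete rule name="Block inbound SMB (temporary)"`.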