Microsoft has recently released patch MS08-068 for another SMB remote code execution bug. It allows anyone who exploits the flaw to take control of the affected computer. If you have not installed the patch yet, I would get it as soon as you can.
The disturbing part is that Microsoft knew about this flaw as far back as 2001. According to Microsoft, they held back on releasing a fix because it would immediately break many applications that require SMB signing. For example, on the MSRC blog, a Microsoft employee states:
…the impact would have been to render many (or nearly all) customers' network-based applications then inoperable. For instance, an Outlook 2000 client wouldn't have been able to communicate with an Exchange 2000 server. We did say that customers who were concerned about this issue could use SMB signing as an effective mitigation…
I could buy that. IF IT ONLY AFFECTED WINDOWS XP. But the bug in question also affects Vista, 2008, and 64-bit releases. Many applications were simply broken with the release of Vista. Why not just allow them to break and keep them secure? And why does it take 7 years to figure out this application-compatible workaround?
In our remote programs, like remote reboot or remote desktop enabler, we need to use 4 different methods to authenticate via SMB with a remote host…to cover all of the versions of Windows. Now I can understand why this is the case! Because the SMB server in Windows is a spaghetti-code mess that probably has 10 more security holes the hackers already know about, Microsoft knows about, but still has not found a fix for them yet!
Sorry for the rant, but if you do have an Internet-facing machine, I suggest disabling file and printer sharing and making doubly sure the SMB ports are firewalled.