Microsoft fixes holes in Server Message Block

Microsoft releases security update to fix weaknesses in the network file-sharing protocol used in Windows.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read

Updated at 12:50 p.m. PST to clarify that Windows Vista and Server 2008 are not affected by the SMB Buffer Overflow Remote Code Execution vulnerability, but are affected by the other two vulnerabilities.

Microsoft on Tuesday released a security update that fixes three vulnerabilities in the Windows network file-sharing protocol Server Message Block (SMB) that could allow an attacker to remotely take complete control of a system.

Microsoft Security Bulletin MS09-001, part of the Patch Tuesday bulletin for January, is rated critical for Microsoft Windows 2000, Windows XP and Windows Server 2003, and moderate for Windows Vista and Windows Server 2008. Windows Vista and Windows Server 2008 are not affected by the SMB Buffer Overflow Remote Code Execution vulnerability.

The buffer overflow remote code execution vulnerability arises from the way the SMB protocol handles specially crafted SMB packets. Meanwhile, an attempt to exploit the SMB Validation Remote Code Execution Vulnerability would not require a user name or password. Most attempts to exploit those weaknesses would result in a system denial of service, however remote code execution is "theoretically possible," Microsoft said.

Using a firewall and having a minimum number of ports open can help protect networks against attacks, the company said.

"Blocking TCP ports 139 and 445 at the firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability," the bulletin says. "Microsoft recommends that you block all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports."

Blocking connectivity to the ports may interfere with the function of certain services, including file and print sharing, fax, computer browser, and net log-on.

The SMB Buffer Overflow Remote Code Execution and SMB Validation Remote Code Execution vulnerabilities were reported by an anonymous researcher working with TippingPoint and the Zero Day Initiative. The SMB Validation Denial of Service vulnerability had been publicly reported.

Microsoft had issued a notice on Thursday saying it would issue one security update on Patch Tuesday. A Webcast is scheduled for 11 a.m. PST on Wednesday.