Vista - New flaw can crash Windows Vista and Server 2008 remotely (Updated)

By Emil Protalinski.

Redmond is investigating reports that a newly discovered flaw in Microsoft's implementation of the Server Message Block 2 (SMB2) protocol, an extension of the conventional server message block protocol, can be exploited to remotely crash and restart computers running Windows Vista or Windows 7. The attack does not require authentication, but port 445 of the target system must be open, and on Windows it is open by default. Laurent Gaffié, who discovered the vulnerability, has contacted Microsoft, noting that the only solution he can think of is to turn off the SMB feature and close port 445.

Article link -
New flaw can crash Windows Vista and Server 2008 remotely (Updated) - Ars Technica

MSRC have released details of Security Advisory 975497, here;


The Microsoft Security Response Center (MSRC) : Microsoft Security Advisory 975497 Released

...and expanded further with details of;

Microsoft Security Advisory (975497); Vulnerabilities in Microsoft SMB (Server Message Block) Could Allow Remote Code Execution.

This advisory is detailed, with information about affected and unaffected software. This is an extract from the advisory, of some of the affected software;

Affected Software; Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

The advisory also has extensive information on workarounds for the vulnerability. It is stressed that the workarounds do not provide a solution for the issue, but can afford some interim security by helping to block known attack sources, before an update to fix the problem, is issued. These details can be read by clicking onto "Advisory 975497" in the first sentence of the advisory.