On the heels of last week’s release of exploit code for a crippling denial-of-service vulnerability in Windows 7 and Windows Server 2008 R2, Microsoft has issued a security advisory to confirm the issue and offer pre-patch mitigations.
The flaw, in the Microsoft Server Message Block (SMB) Protocol which affects SMBv1 and SMBv2, could cause a system to stop functioning or become unreliable, Microsoft said, describing the published exploit code as “detailed.”
There is no risk of code execution that would allow an attacker to take control of, or install malware on, the customer’s system, the company said. Default firewall settings on Windows 7 will help block attempts to exploit this vulnerability.
In the absence of a patch, Microsoft recommends:
- Block TCP ports 139 and 445 at the firewall: These ports
are used to initiate a connection with the affected component. Blocking
TCP ports 139 and 445 at the firewall will help protect systems that
are behind that firewall from attempts to exploit this vulnerability.
Microsoft recommends that you block all SMB communications to and from
the Internet to help prevent attacks. For more information about ports,
see TCP and UDP Port Assignments.
More information on the vulnerability available here.