Immediate Protection for Unpatched Microsoft Windows SMB Negotiate Request Remote Code Execution
 |
 |
 |
 |
 |
A remote code execution vulnerability has been reported in the Microsoft Server Message Block (SMB) Protocol. There is currently no patch from Microsoft for this well-known vulnerability. A remote attacker may easily exploit this vulnerability to take complete control of an affected system.
The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows.
The vulnerability is due to a memory corruption error in the Microsoft Server Message Block (SMB) implementation in Windows Server 2008 and Windows Vista. This causes incorrect indexing of an array when handling specially crafted SMB packets, leading to a failure to properly parse SMB negotiation requests. A remote attacker could exploit this flaw via a specially crafted SMB negotiation request. Successful exploitation can cause a denial of service condition and may allow execution of arbitrary code on the target system without any authentication. Even unsuccessful attempts to exploit this vulnerability can cause an affected system to stop responding and restart.
Although at the time of this writing there is no patch available from Microsoft, Check Point provides immediate protection through IPS Software Blade, SmartDefense, and IPS-1. This protection will detect and block malformed SMB negotiation requests. See CPAI-2009-194.