September 20, 2009, 5:01 PM — There's no real reason for SMB2, (Server Message Block 2), a Microsoft network file and print-sharing protocol that ships with Windows Vista, Windows Server 2008 and Windows 7, to exist. All it does is duplicate the basic network file and print functionality that Windows has provided for over a decade. But, SMB2 is in there, it is broken, and, now it can be used to take over PCs.
Microsoft admits that the problem is real. Mark Wodrich and Jonathan Ness, part of the MSRC (Microsoft Security Response Center) engineering team wrote that an experimental exploit is already out and that it can gain "complete control of the targeted system and can be launched by an unauthenticated user." Just what you didn't need.
There is a way to fix it. Well, sort of. You have to turn SMB2 off. You can do that the hard way, by editing the Windows' registry, or, the easy way, by clicking on this "Fix it" link from a Vista, Server 2008, or pre-RTM versions of Windows 7 PC. But, if you do, and you use SMB2 to connect to network drives or printers, you're also going to lose the ability to use any of them. That will go over big in many businesses.
You can still use network drives and the like with SMB, and, if you're using Server 2003 or earlier servers or Samba servers for sharing files and printers, you're already using the older, more reliable and secure protocol. Only people who've moved entirely to Microsoft's latest and greatest network sharing protocol are in trouble.
If that's you, you should be OK because, by default, Server 2008 should fall back to SMB if SMB2 isn't available. I'd try the fix first on test Vista and Windows 7 PCs before rolling out the fix to all the client PCs. You don't want to start Monday morning, after all, by locking everyone out of their files.
If you're not using SMB2, you should still run the Microsoft 'Fix.' SMB2 is on by default in all three versions of Windows that it used on. Even if you don't use networking at all except to connect to the Internet, you should still turn off SMB2. Chances are your PC firewall-you are running one right?--will stop any attack using SMB2, but why take a chance?
The ironic thing about all this is that the real reason that Microsoft moved to SMB2, according to Wikipedia, is that they wanted a protocol that they didn't have to share with Samba or anyone else. Too bad on their own Microsoft couldn't get it right.
On my own computer network, which includes Vista, Windows 7, and Server 2008, I turn off Microsoft's recent network 'improvements' since they tend to get in the way of connecting with Samba-based servers and NAS (network attached storage) devices and even older versions of Windows. I have yet to see any problems coming from sticking with Windows' older networking protocols.
Microsoft assures users, as usual, that they'll issue a real fix real soon now. I'm not holding my breath. If all goes well you can expect to see a real fix by Patch Tuesday, the first Tuesday of the month, in October.
