October 01, 2009, 11:50 AM — If you want to share files and printers over your network, chances are you use SMB (Server Message Block) either on Windows or Samba. Microsoft, which lost control of SMB a while back, decided a new protocol which could they own: SMB2. There's only one little problem with it. It's not nearly as secure as plain old SMB.
The hole in SMB2 was discovered only a few weeks ago on September 7th, but everyone knew it would be easy to exploit. Everyone was right.
While there has have been earlier attack code out in the wild, on September 28th, Harmony Security senior researcher Stephen Fewer released code that lets anyone try to run unauthorized software on a Windows Vista, Server 2008, and early pre-releases of Windows 7.
And has Microsoft rushed to the rescue? Nope. In fact, experts think that the earliest Microsoft will be able to fix the problem will be on the next Patch Tuesday, October 13th. In the meantime, Microsoft recommends that you should just turn SMB2 off.
I have an even better solution. Since SMB2 doesn't add any real functionality to Windows that SMB hasn't given it for years, why not just leave SMB2 off? As it is, it's just another attack surface, and, rubbing salt into the wound, I've found that it gets in the way of using older server operating systems, like Windows Server 2003, and NAS (network attached storage) devices that only support SMB.
It seems like a no-brainer to me. Security 101 says turn off any network service that you're not using. Since SMB2 just duplicates SMB's safer services, I see no reason to use it and expose my systems to potential attackers.
