No safety for SMB2 users yet
The Windows SMB2 security hole remains open and with malware out now that can take advantage of it, it's more dangerous than ever, but there's still no patch for it.
If you want to share files and printers over your network, chances are you use SMB (Server Message Block) either on Windows or Samba. Microsoft, which lost control of SMB a while back, decided a new protocol which could they own: SMB2. There's only one little problem with it. It's not nearly as secure as plain old SMB.
The hole in SMB2 was discovered only a few weeks ago on September 7th, but everyone knew it would be easy to exploit. Everyone was right.
While there has have been earlier attack code out in the wild, on September 28th, Harmony Security senior researcher Stephen Fewer released code that lets anyone try to run unauthorized software on a Windows Vista, Server 2008, and early pre-releases of Windows 7.
And has Microsoft rushed to the rescue? Nope. In fact, experts think that the earliest Microsoft will be able to fix the problem will be on the next Patch Tuesday, October 13th. In the meantime, Microsoft recommends that you should just turn SMB2 off.
I have an even better solution. Since SMB2 doesn't add any real functionality to Windows that SMB hasn't given it for years, why not just leave SMB2 off? As it is, it's just another attack surface, and, rubbing salt into the wound, I've found that it gets in the way of using older server operating systems, like Windows Server 2003, and NAS (network attached storage) devices that only support SMB.
It seems like a no-brainer to me. Security 101 says turn off any network service that you're not using. Since SMB2 just duplicates SMB's safer services, I see no reason to use it and expose my systems to potential attackers.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
I disagree
Since SMB2 doesn't add any real functionality to Windows that SMB hasn't given it for years, why not just leave SMB2 off?This is inaccurate. SMB is a chatty 20 year old protocol. SMB2 has significant performance gains.
While this has little effect in most organization's diverse networks, in a 2008/Vista/Win7 infrastructure there could be very noticeable differences for end-users, particularly those using VPN or other slow-links.