Microsoft Investigating Windows Zero Day Vulnerability Report
handles file and print services
"Once we’re done investigating, we will take appropriate action to help protect customers," Jerry Bryant, group manager of response communications in the Microsoft Security Response Center (MSRC), said in an e-mail. "This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves."
French security research firm Vupen rated the security vulnerability as "critical," its highest severity rating, and said the flaw could be exploited by remote unauthenticated attackers or local unprivileged users to crash an affected system or execute arbitrary code with elevated privileges.
The security vulnerability, reported by researcher "Cupidon-3005," affects systems running Windows XP Service Pack 3 and Windows Server 2003 Standard Edition SP2, according to Vupen, which recommends blocking or filtering UDP and TCP ports 138, 139 and 44 until Microsoft issues a fix.
SMB is a problematic protocol, according to Andrew Plato, president of Beaverton, Ore.-based Anitian Enterprise Security. "It has a lot of hooks into the Windows OS and offers a very broad attack surface," he said in an interview. "This will most likely wind up as a way for malware to spread in an environment. It offers a new vector of attack in an environment."
If the flaw only affects Windows XP and Windows Server 2003, its impact would be lessened somewhat. However, despite Microsoft's efforts to get customers to migrate to Windows 7, XP is still probably the most prevalent Windows platform in use at this time, Plato said.
Also, because the vulnerability affects only Windows SMB, remote exploits are unlikely for organizations that have set up their firewalls to block Windows File Sharing, he added.
"As always, this underscores the need for all the security fundamentals like firewalls, antivirus, intrusion prevention and patching," Plato said.