SMB File Sharing Protocol Flaw Published Before Patched

By Richard Anderson

A SMB file sharing protocol flaw in Windows has been publicly disclosed 12 days before a patch to correct the issue will be released by Microsoft. According to the researcher who published details of the flaw – Laurent Gaffié – Microsoft has known about the issue for 3 months yet has so far failed to patch the vulnerability.

If the SMB file sharing protocol flaw is exploited, an attacker would be able to crash Windows 10 and 8.1 machines, although at present no reports have been received to suggest the flaw could be exploited to allow remote code execution.

The flaw is a memory corruption vulnerability in the way that the latest two Windows versions handle Server Message Block (SMB) traffic. If an attacker were to send a specially crafted message from their server, it would be possible to trigger a buffer overflow condition. By doing so they would cause the attacked system to crash and reboot.

This is not the first SMB file sharing protocol flaw to have been discovered, in fact there have been several issues with the protocol over the past few years.

The SMB file sharing protocol flaw has prompted US-CERT and other organizations to issue security warnings in the past few days following the publication of a proof-of-concept exploit on GitHub. The bug could potentially be exploited on enterprise computers, although the greatest risk is to home and small business users.

The vulnerability is easy to exploit. All that is required is to trick users into visiting a malicious server, either using a link in an email, a website redirect, or a link on a webpage.

Preventing exploitation of the flaw is problematic, although it is possible to minimize risk by blocking outbound SMB connections on TCP ports 139 and 145 and UDP ports 137 and 138. Most enterprises will already be blocking outbound connections on these ports, but small businesses and home users may not be.

Microsoft has changed its patching policy and is now only issuing patches for its products on the second Tuesday of each month. That is unlikely to change to address this flaw, although if details emerge that the flaw is being actively exploited in the wild, Microsoft may decide to bring forward the update.

As it stands, Microsoft will be patching the SMB file sharing protocol flaw this coming Patch Tuesday.

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news