OS/Platform/Application:

Microsoft Windows Vista
Microsoft Windows 7
Microsoft Server 2008

Category: ALERT
Severity: HIGH
Attention: Windows users, System Administrators, Desktop Support Personnel.

Summary: Numerous Internet security resources are reporting the existence of a vulnerability in Windows Vista/7/Server 2008. The vulnerability pertains to the handling of the SMB protocol (integral to file and printer sharing) and can be exploited by remote attackers.  Successful exploitation could result in Denial of Service (DoS), system crash, or takeover of a vulnerable computer.

At the time of this writing (11:15 AM 9/8/09) no patch has been supplied by Microsoft to fix this issue and it is uncertain if the issue will be addressed by the September bulletin release (scheduled for later today).

Recommended Actions: Disabling File and Printer sharing and/or blocking the common SMB network ports will block the common avenue of exploit for this threat.  Windows Vista/7/Server 2008 users are encouraged to make sure their firewalls are operating properly and blocking ports 135 and 445.  File and printer sharing should be disabled on computers that do not to run need to to run these services.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: Ports 135 and 445 are blocked on the University's Internet connection.

Resources:

Vupen Advisory:
http://www.vupen.com/english/advisories/2009/2561