nCircle VERT Blog

SMB2 Vulnerability -- Affected Platforms

Hey all, just a brief blog post here to outline what we're seeing with regard to the SMB2 vulnerability.

We've tested these platforms with the following results:

Vista SP1 - Crash
Server 2008 SP2 - Crash
Windows 7 RC - Crash
Windows 7 RTM - No Crash
Server 2008 R2 RC - Crash
Server 2008 R2 RTM - No Crash

We've also had reports that others are seeing the same with Win7/2K8R2. It looks like it's only the RC that is affected.



Comments (3)

Great work! We put out a Wireshark filter and some trace files to test it against over at www.chappellseminars.com/projects.html.

Laura Chappell

I had similar results earlier today with some of our test machines. It's pretty deadly as that single packet kills the entire OS. There are some emerging threat sigs out there for Snort users but don't expect a Windows patch for another week or two.

I don't see what the big deal is... MSFT told everyone that denial of service is not a security issue, right? ;)





About

This page contains a single entry from the blog posted on September 8, 2009 3:23 PM.




Bio

Blog: VERT
Author: nCircle VERT

nCircle VERT is the research team behind nCircle, continuously publishing updates for nCircle IP360 and nCircle's family of products. VERT conducts deep research across a broad class of network security intelligence, creating unique, agentless detection for vulnerabilities, host configurations, applications, services, user accounts, operating systems, and other network security conditions. Members of the group use this blog to share their opinions on the security industry, emerging threats, technology trends, and the world at large.


   



