Alert - Microsoft Security Advisory 977544 Released

[Dr.Melzer 191]

Microsoft untersucht derzeit eine gemeldete Sicherheitsanfälligkeit im Microsoft Server Message Block (SMB) Protocol.

 

Weitere Infos unten (engl.) oder demnächst auf http://www.microsoft.com/germany/technet/sicherheit/empfehlungen/default.mspx (dt).

 

What is the purpose of this alert?

This alert is to notify you that Microsoft has released Security Advisory 977544 - Vulnerabilities in SMB Could Allow Denial of Service - on November 13, 2009.

 

SUMMARY

 

Microsoft is investigating new public reports of a possible denial of service vulnerability in the Server Message Block (SMB) protocol. This vulnerability cannot be used to take control of or install malicious software on a user’s system. However, Microsoft is aware that detailed exploit code has been published for the vulnerability. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

 

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

 

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

 

MITIGATING FACTORS

 

Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the SMB ports should be blocked from the Internet.

[Dr.Melzer 191]

Fortsetzung

AFFECTED AND NON-AFFECTED SOFTWARE

 

The security advisory discusses the following software.

 

Affected Software

Windows 7 for 32-bit Systems

Windows 7 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems*

Windows Server 2008 R2 for Itanium-based Systems

Non-Affected Software

Microsoft Windows 2000 Service Pack 4

Windows XP Service Pack 2 and Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

 

*Server Core installation affected. This advisory applies to supported editions of Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option. For more information on this installation option, see the MSDN article, Server Core for Windows Server 2008 R2. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 R2; see Compare Server Core Installation Options.

 

RECOMMENDATIONS

 

Review Microsoft Security Advisory 977544 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQs), and links to additional resources.

 

Customers who believe they are affected can contact Customer Service and Support (CSS) in North America for help with security update issues or viruses at no charge using the PC Safety line (866) PCSAFETY. International customers can contact Customer Service and Support by using any method found at Worldwide Computer Security Information - Microsoft Security.

 

ADDITIONAL RESOURCES

 

• Microsoft Security Advisory 977544 - Vulnerabilities in SMB Could Allow Denial of Service: Microsoft Security Advisory (977544): Vulnerability in SMB Could Allow Denial of Service

 

• Microsoft Security Response Center (MSRC) Blog: The Microsoft Security Response Center (MSRC)

 

• Microsoft Malware Protection Center (MMPC) Blog: Microsoft Malware Protection Center

 

• Microsoft Security Research & Defense (SRD) Blog: Security Research & Defense

 

• Microsoft Security Development Lifecycle (SDL) Blog: The Security Development Lifecycle

 

REGARDING INFORMATION CONSISTENCY

 

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

 

Thank you,

Microsoft CSS Security Team