Symantec Security Threatcon Status for 2009-10-01
The DeepSight Threat Analysis Team is tracking a remotely exploitable vulnerability affecting the SMB kernel component ('srv2.sys'). Microsoft has reported that Windows Vista (SP1 and SP2) and Windows Server 2008 are affected. Reportedly, some beta builds of Windows 7 may also be affected.
This vulnerability would allow an attacker to gain control of an affected system remotely if access is not blocked by a firewall. On September 28, 2009, a Metasploit module providing a remote code-execution exploit was released publicly. Attackers may be able to convert this module into other exploits and use them in the wild.
We strongly advise users to block TCP port 445 immediately until patches are available. The researcher who discovered the flaw has stated that file sharing must be enabled for the issue to be exploited. Unless file sharing is explicitly required, users should disable it.
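One way to apply the port block and file-sharing advice above on a single host with the built-in Windows Firewall. This is an added example, not part of the original advisory; it assumes an elevated Command Prompt on Windows Vista or Server 2008 (where `netsh advfirewall` is available), and the rule name is an arbitrary label.

```batch
@echo off
rem Added example, not from the advisory. Run from an elevated Command Prompt.
rem RULE is an arbitrary label chosen for this example.
set RULE=Block-Inbound-SMB-TCP445

rem 1. Show whether this host is listening on TCP 445 at all.
rem    findstr returns errorlevel 1 when no line matches.
netstat -an | findstr /R /C:":445 .*LISTENING"
if errorlevel 1 echo Nothing is listening on TCP 445.

rem 2. Add the inbound block rule only if it is not already present.
rem    "show rule" returns a non-zero exit code when no rule matches the name.
netsh advfirewall firewall show rule name="%RULE%" >nul 2>&1
if errorlevel 1 netsh advfirewall firewall add rule name="%RULE%" dir=in action=block protocol=TCP localport=445

rem 3. If file sharing is not required, disable the built-in allow rules.
rem    The group name below is the English one; it is localized on other builds.
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=No

rem 4. Print the rule so the result can be confirmed (Enabled: Yes, Action: Block).
netsh advfirewall firewall show rule name="%RULE%"
```

Remove the temporary rule with `netsh advfirewall firewall delete rule name="Block-Inbound-SMB-TCP445"` once patches are installed. A host rule does not replace blocking TCP 445 at the network perimeter.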
Microsoft Windows SMB2 'SRV2.SYS' Denial of Service Vulnerability