We usually don’t report on security flaws, unless they’re on platforms that usually don’t see such flaws, or when the flaw in question is pretty serious. Well, a new zero-day flaw has been discovered in Windows Vista and Windows 7 which will trigger a blue screen of death using the new SMB 2.0 protocol. Update: Windows 7 RTM and Windows Server 2008 R2 are not affected by the flaw. So, this is less of a problem than expected.
For Windows Vista, Microsoft rewrote its Server Message Block protocol, introducing the rewritten variant as version 2.0. This new version came with several improvements, but the most important one is that multiple actions could be grouped into a single request, which reduced the amount of round trips between client and server, improving performance.
An additional benefit – maybe even more important from Microsoft’s perspective – is that SMB 2.0 shed the intellectual property issues which surrounded SMB 1.0. SMB 1.0 was originally designed by IBM, and shipped in non-Windows operating systems as well, such as VMS and OS/2.
This new version, as it turns out, introduces a flaw which enables behaviour which the Windows platform hasn’t seen since 1999: a malformed network negotiation request can trigger a Windows machine to show a blue screen of death. While not confirmed just yet, initial reports indicate that it might also be used to execute code remotely. Microsoft has been made aware of the flaw, but no patch is yet available. The only possible solution is to disable SMB 2.0.
All versions of Windows Vista and Windows 7 are vulnerable; whether you are fully patched or not; whether you run in 32bit or 64 bit; you will be affected. This is of course a pretty bad time for such a flaw to be revealed, this close to the imminent release of Windows 7.