Temporary workaround for Windows SMBv2 zero-day

The Windows SMBv2 zero-day vulnerability (a disclosed vulnerability with no software fix) appears to be more dangerous than initially thought. The vulnerability does not affect the Release to Manufacturing (RTM) version of Windows 7 or Windows Server 2008 R2, but it does affect Windows Vista and Windows Server 2008. The danger is no longer just a system crash or reboot; it can lead to a full system compromise.

In the absence of a patch, Microsoft released instructions for disabling SMBv2. For your convenience, I’ve packaged two REG files that you can download that enable and disable SMBv2 in Windows Vista and Windows Server 2008. So until a software patch is available, you need to disable SMBv2 by double-clicking the disable-SMBv2.reg file and then rebooting. The workaround does not break your ability to serve files, but it does reduce your SMB file-serving speeds to Windows XP and Windows Server 2003 levels, which results in a moderate decrease in performance. Once the patch becomes available and you have applied it, just run the enable-SMBv2.reg file and reboot.
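To audit or apply the same workaround from a script, the following PowerShell sketch is an added example, not the REG files from this post. It assumes the `Smb2` DWORD value under the LanmanServer parameters key that Microsoft's workaround instructions use; the function names are hypothetical.

```powershell
# Added example (not the REG files from this post).
# Assumption: Microsoft's workaround uses the REG_DWORD value 'Smb2' under the
# LanmanServer parameters key; 0 = SMBv2 off, 1 or absent = SMBv2 on.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-AffectedOs {
    # Windows Vista and Windows Server 2008 both report version 6.0.
    $v = [Environment]::OSVersion.Version
    return ($v.Major -eq 6 -and $v.Minor -eq 0)
}

function Get-Smb2ServerState {
    # Reports the configured state; the running state changes only after a reboot.
    $prop = Get-ItemProperty -Path $ParamsKey -Name 'Smb2' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Enabled (value absent, default)' }
    if ($prop.Smb2 -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Set-Smb2ServerState {
    # Requires an elevated session: the value lives under HKLM.
    param([bool]$Enabled)
    if (-not (Test-AffectedOs)) {
        Write-Warning 'This OS is not Windows Vista / Server 2008; no change made.'
        return
    }
    $before = Get-Smb2ServerState
    New-ItemProperty -Path $ParamsKey -Name 'Smb2' -PropertyType DWord `
        -Value ([int]$Enabled) -Force | Out-Null
    $after = Get-Smb2ServerState
    Write-Output "Smb2 registry state: $before -> $after"
    if ($before -ne $after) {
        Write-Output 'Reboot required before the change takes effect.'
    }
}

# Audit only (makes no changes):
"Affected OS version: $(Test-AffectedOs)"
"SMBv2 server state:  $(Get-Smb2ServerState)"

# Apply the workaround, then reboot:
#   Set-Smb2ServerState -Enabled $false
# After installing the patch, re-enable and reboot:
#   Set-Smb2ServerState -Enabled $true
```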

5 thoughts on “Temporary workaround for Windows SMBv2 zero-day”

  1. Thanks George. Of course I have to be the only person with Vista at work who is vulnerable. I remember I had similar problems when I used XP as well.

  2. @nucrash
    What do you mean you’re the only one vulnerable? This affects all versions of Vista and it affects the first release of Windows Server 2008. Win2008 R2 and Windows 7 were patched before RTM.

  3. I am the only person with Windows Vista at my work location. My older system failed, so I purchased a new build with Vista x64. Servers are all running Windows 2003 or older. Most servers are running that or SLES 10 SP2. Desktops are all running Windows XP SP3 sans my system. Hence, I was the first to make the leap. I am also the one who loathes Vista the most, but only Nixon can go to China.

  4. I understand that changing your network settings from Private to Public will also block attackers (Public is meant for use at hotspots like airports and coffee shops). Not a likely option for corporate environments, but for home users it should be useful.

    So much for “Patch Tuesday”. They are now saying ‘maybe’ October 13. Microsoft is sounding like Popeye’s friend Wimpy: “I will gladly patch you Tuesday for a $300 hamburger today”. I wonder what Vista ME; I mean Windows 7, will be like.

  5. @etaripami

    Keep in mind, October 13th *is* the next “Patch Tuesday”.

    W7 and 2008 R2 have already been much better on the patching. They’ve already been through a few Patch Tuesdays, and it is incredible how many things affect Vista/2008, but not W7/2008 R2. Likewise, watching the patch count (and effects of the same vulnerability) for Vista/2008 compared to XP/2003 also shows that those OSes really did make great improvements, on the security front at least.

