Critical Windows Vulnerability -> Prevent inbound access to ports 139 and 445

A source of mine received some information from Microsoft saying the vulnerability stems from a critical, wormable problem in the Windows server message block service, a component of Windows used to provide shared access to files, printers, and other communications over a network. My source, who asked not to be identified because Microsoft has not yet publicly discussed the details, said Redmond has acknowledged that criminals have for the past three weeks been using the vulnerability to conduct targeted attacks. The source said that so far, fewer than 100 targeted attacks leveraging this flaw have been spotted by Microsoft's security team, but that Microsoft was rushing out this patch because the number of attacks appears to be increasing of late.

Microsoft Security Bulletin MS08-067 – Critical

Those who use a direct dialup connection to the Internet or a DMZ host behind a router, please block inbound TCP/UDP ports 139 and 445 at the firewall until a patch is released.

Did you manage to cut down the service list that far? :o

From what I read, the MS workaround suggests disabling the Computer Browser and Server services on all systems and filtering the affected RPC identifier on Windows Vista and Windows Server 2008, so maybe the RPC service is involved too.

I am not too knowledgeable on all this tech talk. Is there any chance for me to know if my router has a DMZ Host? I checked the link you provided but it’s too techy for me.

Does this affect Windows XP? That’s what I use.

Read this about disabling services (it's a simple guide, step by step). This will prevent many of those so-called security holes (go with SAFE settings till you get a little used to changing this stuff):

If you use Windows XP: http://www.blackviper.com/WinXP/servicecfg.htm
If you use Windows Vista: http://www.blackviper.com/WinVista/servicecfg.htm

Thanks, I have visited that page and as you suggested followed the safe procedure. I know you said this will greatly boost my security against these ‘hole’ issues but will this definitely be of help to me regarding this current issue?

This current hole posted by gibran has been fixed by Microsoft. You should get a patch that protects you if you visit Windows Update or if you have Automatic Updates ON; actually, you could very well have it installed.

Disabling the services you did to run Black Viper's safe setup will not protect you in this case.
But by also disabling the services called “Computer Browser” and “Server” you should be unaffected by this hole. But you're better off just downloading the update from Microsoft and keeping your system up to date, since disabling things when you don’t know what they are for could cause system instability.

I wouldn’t worry too much.

:stuck_out_tongue: :stuck_out_tongue:

I will not worry then. Thanks for the prompt reply also :comodorocks:.