Windows 7 users would be well-advised to block outgoing ports 139 and 445. Microsoft has confirmed the existence of a vulnerability that affects SMB in Windows 7 and Windows Server 2008 RC2. Worst case scenario: you connect to a malicious server then it crashes your PC.
The beauty here is that, in a perfect world, these ports would be blocked by default, making the exploit much less troubling. Let’s say you’re messing around on your computer, and all of a sudden Windows (or your firewall of choice) prompts you to open port 445 for a connection. So you say to yourself, “Hmm, I’m pretty sure my game of chess doesn’t need to access an SMB share to work properly, so I’m going to go ahead and deny that port-open request.”
But that’s now how the real world works.
It comes down to this: block those two ports when you’re not actively using them. No problems.
I could make some sort of snide remark about this being the first of many (maybe!) Windows 7 exploits, but let’s face it: when you’re dealing with so many lines of code, you’re bound to find a few bugs in there.
Oh, and Microsoft hasn’t said when it plans to patch the exploit. Presumably it will do so with its next big first Tuesday of the month patch day.
via Slashdot