Posted on 21-09-2009
Filed Under (helpdesk) by TheEmperor


Today Microsoft released a manual workaround for closing the SMB2 flaw revealed earlier this month. Initially the flaw was believed to only allow an attacker to crash a vulnerable machine, but since then more exploits have been released that allow remote control and penetration of unpatched systems.

The workaround comes on the heels of news that Metasploit will be adding this vulnerability to their penetration testing software by the end of the week. According to Microsoft reports, a patch should become available via Windows Update by the end of the month.

Workaround:
1. Click Start, click Run, type Regedit in the Open box, and then click OK.

2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

3. Click LanmanServer.

4. Click Parameters.

5. Right-click to add a new DWORD (32 bit) Value.

6. Enter smb2 in the Name data field, and change the Value data field to 0.

7. Exit.

8. Restart the “Server” service by performing one of the following:

- Open up the computer management MMC, navigate to Services and Applications, click Services, right-click the Server service name and click Restart. Answer Yes in the pop-up menu.

- From a command prompt and with administrator privileges, type net stop server and then net start server.
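
The same workaround in scripted form, useful when it has to be applied and verified on more than one machine. This is an added example, not part of the original post and not Microsoft's Fix It tool; it assumes PowerShell is available and run from an elevated session, and the helper name `Get-Smb2Setting` is hypothetical.

```powershell
# Added example: scripted form of workaround steps 1-8 above.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$name = 'smb2'

function Get-Smb2Setting {
    # Returns the current smb2 DWORD, or $null when the value does not exist
    $p = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($p) { $p.$name } else { $null }
}

# The registry write and the service restart both require administrator rights
$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this script from an elevated PowerShell session.'
}

$before = Get-Smb2Setting
if ($before -ne 0) {
    # Steps 5-6: create (or overwrite) the DWORD value smb2 and set it to 0
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force |
        Out-Null
}

# Step 8: restart the Server service so the new value takes effect.
# -Force lets the restart proceed when dependent services are running.
Restart-Service -Name LanmanServer -Force

# Verify both halves of the workaround before reporting success
$after = Get-Smb2Setting
$state = (Get-Service -Name LanmanServer).Status

if ($after -eq 0 -and $state -eq 'Running') {
    Write-Output "smb2 = 0 (was: $before); Server service is $state."
} else {
    throw "Workaround not in effect: smb2 = '$after', Server service is $state."
}
```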

You can also use the Microsoft automated “Fix It” tool found here to disable or enable SMB2. It is STRONGLY recommended that if you are running Windows Server 2008, Windows Vista, or Windows 7, you disable SMB2 until a patch is released.
