SMB Validation Remote Code Execution Vulnerability

[stevenriz]

Hi. I have a question about this SMB patch for Windows. According to this security bulletin

http://www.microsoft.com/technet/security/Bulletin/MS09-001.mspx,

a server can become vulnerable to remote code execution using ports 139 and 445.

My question is this. When I do a netstat on the server, I do not see either of these ports listenting. Does this mean we are not vulnerable? Even though they aren't listening, can an attacher still exploit the ports?

 

[stevenriz]

As I look closer, I do see these ports listening like so...

TCP P13:netbios-ssn SERVER13:0 LISTENING

UDP P13:microsoft-ds *:*

the services file shows the port relations liks so...
netbios-ssn 139/tcp nbsession
microsoft-ds 445/tcp
microsoft-ds 445/udp

So I may have answered my own question. Either we start up the firewall on the server to block these ports incoming, or we patch the server.

Anyone have any other thoughts?