Earlier versions of Windows, including Windows 2000, XP and Server 2003, are also safe, since they do not use SMB 2.
Microsoft said it is working on a patch for the SMB 2 vulnerability, but did not spell out a timeline. Its regularly scheduled September updates were issued Tuesday about 1 p.m. ET; the next expected batch of patches isn't due until Oct. 13.
Until a patch is available, Microsoft recommended that users disable SMB 2 by editing the Windows Registry -- a task too daunting for most consumers -- or block TCP ports 139 and 445 at the firewall. Doing the latter will cripple several important services or applications, including the browser, Microsoft acknowledged.
Even though the flaw exists and exploit code is in circulation, some researchers were upbeat. "At the moment I think the default configurations are going to provide enough mitigation for most users, those being the default firewall configurations since Windows XP SP2," said Andrew Storms, nCircle's director of security operations, in an instant message late Tuesday.
Hackers who manage to get within the perimeter of a network, however, may find easy pickings. "The key to a good attack would be to get in on the inside, where enterprises have host-based firewalls disabled," he said.
The SMB 2 vulnerability isn't the only Microsoft bug that has gone public but has not been patched. Last week, Microsoft announced it was working on a fix for a flaw in the FTP (File Transfer Protocol) server included in the company's popular Internet Information Services (IIS) Web server.
Microsoft has confirmed that hackers are already using exploits of the FTP bug to attack Web servers.