SMB2 Exploit Fitted into Metasploit; Attacks Likely
Fully functional exploit code for the (still unpatched) Windows SMB v2 vulnerability has been released to the public domain via the freely available Metasploit point-and-click attack tool, raising the likelihood of remote in-the-wild code execution attacks.
The exploit, created and released by Harmony Security's Stephen Fewer, provides a clear roadmap for hackers to plant malware or open backdoors on Windows Vista Service Pack 1 and 2 as well as Windows 2008 SP1 server.
The release of the public exploit puts Microsoft under serious pressure to complete its patch-testing process and release a fix to head off in-the-wild attacks.
According to Microsoft's Jonathan Ness, the company's security response team has already completed more than 10,000 separate test cases in its regression testing and is currently doing "stress testing, 3rd-party application testing, and fuzzing."
Microsoft's next scheduled Patch Day is more than two weeks away -- on October 13, 2009 -- which means the company is now under pressure to issue an emergency, out-of-cycle fix for vulnerable Windows users.
The flaw, which was originally released on September 8 as a simple denial-of-service issue, does not affect the RTM version of Windows 7.
On September 17, a team of exploit writers from Immunity created a remote exploit that’s been fitted into Immunity’s Canvas pen-testing platform. The exploit hits all versions of Windows Vista and Windows Server 2008 SP2.
Until Microsoft issues a patch, vulnerable Windows users should immediately implement the one-click "fix-it" workaround that's available. The fix-it package, which was added to Redmond’s pre-patch advisory, effectively disables SMBv2 and then stops and starts the Server service. It provides temporary mitigation from remote code execution attacks targeting the known — and still unpatched — vulnerability.
Here are direct links:
To revert the workaround, and re-enable SMBv2, you can:
Mitigation guidance for enterprises is available in this blog post and in the Microsoft security advisory.



