Remote exploit released for Windows Vista SMB2 worm hole

Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft’s dominant Windows operating system.

A team of exploit writers led by Kostya Kortchinsky attacked the known SMB v2 vulnerability and created a remote exploit that’s been fitted into Immunity’s Canvas pen-testing platform. The exploit hits all versions of Windows Vista and Windows Server 2008 SP2, according to Immunity’s Dave Aitel.

Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft’s dominant Windows operating system.

A team of exploit writers led by Kostya Kortchinsky attacked the known SMB v2 vulnerability and created a remote exploit that’s been fitted into Immunity’s Canvas pen-testing platform. The exploit hits all versions of Windows Vista and Windows Server 2008 SP2, according to Immunity’s Dave Aitel.

[ SEE: Microsoft Confirms SMB2 Flaw, Heightens Severity ]

Immunity’s Canvas is used by IDS (intrusion detection companies) and larger penetrating testing firms as a risk management tool.

Exploit writers at the freely available Metasploit Project are also close to finishing a reliable exploit for the vulnerability, according to Metasploit’s HD Moore.

The vulnerability, which was originally released as a denial-of-service issue, does not affect the RTM version of Windows 7, Microsoft said. It appears Microsoft fixed the flaw in Windows 7 build ~7130, just after RC1.  Windows Vista and Windows Server 2008 users remain at risk.

In the absence of patch, Microsoft recommends that users disable SMB v2 and block TCP ports 139 and 445 at the firewall.

* Hat tip: Dan Goodin/The Register.

Suggested articles

AutoRun Infections Plummet Following Upgrade

A mid-February AutoRun update has had a dramatic effect on malware infection rates on the XP and Vista platforms, reducing infection rates using the AutoRun feature by as much as 68% across Windows platforms, according to Microsoft.

Microsoft Warns Of Security Hole in Windows Graphics Engine

Microsoft issued an advisory to Windows users about a security vulnerability in a common Windows component that could be used by remote attackers to run malicious code on machines running the Windows XP, Vista and Windows Server 2003 operating systems.

Microsoft Ships Anti-Exploit Tool for IT Admins

LAS VEGAS — Microsoft today released a new tool to help IT administrators backport anti-exploit mitigations like ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) to older versions of Windows.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.