SMB2 Exploit Fitted into Metasploit; Attacks Likely

Fully functional exploit code for the (still unpatched) Windows SMB v2 vulnerability has been released to the public domain via the freely available Metasploit point-and-click attack tool, raising the likelihood for remote in-the-wild code execution attacks.
The exploit, created and released by Harmony Security’s Stephen Fewer, provides a clear roadmap for hackers to plant malware or open backdoors on Windows Vista Service Pack 1 and 2 as well as Windows 2008 SP1 server.

Microsoft Ships Temporary Fix-It for Critical Vista Flaw

With exploit code in circulation and facing a race against time to fix the SMB v2 vulnerability haunting Windows Vista and Windows Server 2008, Microsoft today shipped a one-click “fix-it” workaround to help users avoid malicious hacker attacks.

Remote exploit released for Windows Vista SMB2 worm hole

Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft’s dominant Windows operating system.

A team of exploit writers led by Kostya Kortchinsky attacked the known SMB v2 vulnerability and created a remote exploit that’s been fitted into Immunity’s Canvas pen-testing platform. The exploit hits all versions of Windows Vista and Windows Server 2008 SP2, according to Immunity’s Dave Aitel.