Exploit for Windows’ SMB v2 leaves users open for attack

ZDNet‘s Ryan Naraine reports that the Windows SMB v2 is still unpatched and the code for exploiting it has been released and is available to everyone who uses the Metasploit attack tool.

The creator of the exploit is Stephen Fewer, founder of Harmony Security, and he’s also responsible for its “publication”, which caused mixed feelings in the IT community.

One one hand, the release of such exploits will put pressure on the developer of the software and the patch will be available sooner. But, on the other hand, this is like giving malicious individuals the keys to your house – they can install malware or plant backdoors into the vulnerable system (in this case Windows Vista Service Pack 1 and 2, and Windows 2008 SP1 server).

Microsoft is working furiously to release a fix for the vulnerability as soon as possible. Microsoft’s security response team are carrying out stress testing, 3rd-party application testing, and fuzzing as we speak.

Naraine advises that until the patch is released, vulnerable users can deploy a workaround fix that disables SMB v2, but it is only a temporary solution that can lessen the probability of a remote code execution attack succeeding.




Share this