TechTarget

Microsoft under increased pressure to fix SMB2 security flaw

Microsoft is under increasing pressure to release a security patch for a vulnerability in its file sharing (SMB2) protocol as more exploit code becomes available....

Microsoft is under increasing pressure to release a security patch for a vulnerability in its file sharing (SMB2)...

protocol as more exploit code becomes available.

Earlier this month security researcher Laurent Gaffie published a proof of concept code showing how an attacker could crash machines with the Server Message Block 2.0 (SMB) protocol enabled.

The problem has become potentially a lot more serious with the release of more exploit code by security researcher Stephen Fewer that could enable attackers to take over control of targetted computers.

According to the open-source Metasploit Project, Fewer's code has been added to the its penetration testing tool known as the Metasploit Framework.

The exploit works against Windows Vista Service Pack 1 and 2 and Windows 2008 SP1 server and possibly also Windows 2008 SP2, according to Metasploit developer HD Moore.

According to Metasploit, the best workaround for this still-unpatched flaw is to disable the SMB2 protocol.

Microsoft last week issued a quick temporary fix for the SMB2 flaw and set the company was still working on a security patch.

Microsoft has not yet indicated whether the patch will be included in the October Patch Tuesday monthly security update.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close