Microsoft is under increasing pressure to release a security patch for a vulnerability in its file sharing (SMB2) protocol as more exploit code becomes available.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Earlier this month security researcher Laurent Gaffie published a proof of concept code showing how an attacker could crash machines with the Server Message Block 2.0 (SMB) protocol enabled.
The problem has become potentially a lot more serious with the release of more exploit code by security researcher Stephen Fewer that could enable attackers to take over control of targetted computers.
According to the open-source Metasploit Project, Fewer's code has been added to the its penetration testing tool known as the Metasploit Framework.
The exploit works against Windows Vista Service Pack 1 and 2 and Windows 2008 SP1 server and possibly also Windows 2008 SP2, according to Metasploit developer HD Moore.
According to Metasploit, the best workaround for this still-unpatched flaw is to disable the SMB2 protocol.
Microsoft last week issued a quick temporary fix for the SMB2 flaw and set the company was still working on a security patch.
Microsoft has not yet indicated whether the patch will be included in the October Patch Tuesday monthly security update.