News

Microsoft under increased pressure to fix SMB2 security flaw

Warwick Ashford

Microsoft is under increasing pressure to release a security patch for a vulnerability in its file sharing (SMB2) protocol as more exploit code becomes available.

Earlier this month security researcher Laurent Gaffie published a proof of concept code showing how an attacker could crash machines with the Server Message Block 2.0 (SMB) protocol enabled.

The problem has become potentially a lot more serious with the release of more exploit code by security researcher Stephen Fewer that could enable attackers to take over control of targetted computers.

According to the open-source Metasploit Project, Fewer's code has been added to the its penetration testing tool known as the Metasploit Framework.

The exploit works against Windows Vista Service Pack 1 and 2 and Windows 2008 SP1 server and possibly also Windows 2008 SP2, according to Metasploit developer HD Moore.

According to Metasploit, the best workaround for this still-unpatched flaw is to disable the SMB2 protocol.

Microsoft last week issued a quick temporary fix for the SMB2 flaw and set the company was still working on a security patch.

Microsoft has not yet indicated whether the patch will be included in the October Patch Tuesday monthly security update.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy