Microsoft under increased pressure to fix SMB2 security flaw

Microsoft is under increasing pressure to release a security patch for a vulnerability in its file sharing (SMB2) protocol as more exploit code becomes available....

Microsoft is under increasing pressure to release a security patch for a vulnerability in its file sharing (SMB2) protocol as more exploit code becomes available.

Earlier this month security researcher Laurent Gaffie published a proof of concept code showing how an attacker could crash machines with the Server Message Block 2.0 (SMB) protocol enabled.

The problem has become potentially a lot more serious with the release of more exploit code by security researcher Stephen Fewer that could enable attackers to take over control of targetted computers.

According to the open-source Metasploit Project, Fewer's code has been added to the its penetration testing tool known as the Metasploit Framework.

The exploit works against Windows Vista Service Pack 1 and 2 and Windows 2008 SP1 server and possibly also Windows 2008 SP2, according to Metasploit developer HD Moore.

According to Metasploit, the best workaround for this still-unpatched flaw is to disable the SMB2 protocol.

Microsoft last week issued a quick temporary fix for the SMB2 flaw and set the company was still working on a security patch.

Microsoft has not yet indicated whether the patch will be included in the October Patch Tuesday monthly security update.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Business applications

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close