Friday, 18 September 2009

SMBv2 Exploit Code released

Microsoft acknowledged a security hole in its SMBv2 implementation in Windows Vista, Server 2008 and Windows 7 up to the Release Candidate. By injecting specially prepared network packets, attackers are obviously able to take complete control over affected computers.

Now a security company released an exploit for this vulnerability for their exploit framework for penetration testing. It should work for Windows Vista and Server 2008. Also, the open source framework Metasploit is said to release a reliable exploit soon.

So it is just a matter of time until malware exploiting the SMBv2 vulnerability appears in the wild. The security hole could be used by a worm, for example. Microsoft has no patch ready, but advises implementing one of the following workarounds:

- Disable SMBv2 support. The Redmond company also provides a “Fix-it-for-me” tool which will do this for the user. There is also a tool for enabling SMBv2 again.

- Block access to the TCP ports 139 and 445.

While the latter completely disables network shares for Windows, the first solution should only have a small performance impact. Administrators might be best advised to disable the SMBv2 support in their LANs until Microsoft releases a patch so that no worm can spread through this security hole.

We’re monitoring the malware scene very closely so we can provide updated detections for appearing worms or similar malware for this vulnerability if necessary.

Dirk Knop
Technical Editor

http://techblog.avira.com/2009/09/18/smbv2-exploit-code-released/en/
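The two workarounds listed in the article above, written out as a script for one Windows Vista / Server 2008 host. This is an added example, not code from Avira or Microsoft. It assumes the `Smb2` value under the `LanmanServer\Parameters` registry key (Microsoft's documented switch for the SMBv2 server, not named in the article); the firewall rule name is made up for the example.

```powershell
# Added example: apply, verify and roll back the two workarounds on the local host.
# Run from an elevated PowerShell prompt.
# Assumptions (not in the article): the Smb2 registry value and the rule name.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$rule = 'Block-SMB-Inbound-Workaround'   # hypothetical rule name

function Get-Smb2ServerState {
    # A missing value means the default, which is SMBv2 enabled.
    $p = Get-ItemProperty -Path $key -Name Smb2 -ErrorAction SilentlyContinue
    if ($p -and $p.Smb2 -eq 0) { 'disabled' } else { 'enabled' }
}

function Set-Smb2Server([bool]$Enabled) {
    # Workaround 1: switch the SMBv2 server off (or back on once a patch is installed).
    $value = 0
    if ($Enabled) { $value = 1 }
    Set-ItemProperty -Path $key -Name Smb2 -Value $value -Type DWord
    # The Server service has to be restarted to pick up the change;
    # -Force is needed because other services depend on it.
    Restart-Service -Name LanmanServer -Force
}

function Block-SmbPorts {
    # Workaround 2: drop inbound TCP 139 and 445.
    # This stops network shares on the host entirely.
    netsh advfirewall firewall add rule "name=$rule" 'dir=in' 'action=block' `
        'protocol=TCP' 'localport=139,445'
}

function Unblock-SmbPorts {
    # Remove the block rule again.
    netsh advfirewall firewall delete rule "name=$rule"
}

# Apply the less disruptive workaround and report the state before and after.
"SMBv2 server before: $(Get-Smb2ServerState)"
Set-Smb2Server -Enabled $false
"SMBv2 server after:  $(Get-Smb2ServerState)"

# Only where shares are not needed at all:
# Block-SmbPorts
```

`Set-Smb2Server -Enabled $true` and `Unblock-SmbPorts` undo the changes after the patch is installed.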


Once again Microsoft's operating systems are affected by a vulnerability, one that allows attackers to take complete control of the victim's machine by sending or injecting specially prepared network packets. It is interesting to see how quickly an exploit can be developed for a vulnerability and, above all, to see that it is precisely software like Metasploit that is used to generate these exploits. However, something we are also forced to think about is how long Microsoft is going to take to release the patch... a day, a week, a month? Or will it be a patch that never exists? Will we have to wait to see the damage that exploiting this vulnerability causes before acting? These are questions that only Microsoft can answer.


