
Thread: Remote exploit released for Windows Vista SMB2 worm hole

  1. #1
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Remote exploit released for Windows Vista SMB2 worm hole

    "Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft’s dominant Windows operating system. A team of exploit writers led by Kostya Kortchinsky attacked the known SMB v2 vulnerability and created a remote exploit that’s been fitted into Immunity’s Canvas pen-testing platform. The exploit hits all versions of Windows Vista and Windows Server 2008 SP2, according to Immunity’s Dave Aitel.
    Immunity’s Canvas is used by IDS (intrusion detection companies) and larger penetration testing firms as a risk management tool.
    Exploit writers at the freely available Metasploit Project are also close to finishing a reliable exploit for the vulnerability, according to Metasploit’s HD Moore.
    The vulnerability, which was originally released as a denial-of-service issue, does not affect the RTM version of Windows 7, Microsoft said. It appears Microsoft fixed the flaw in Windows 7 build ~7130, just after RC1.



    Windows Vista and Windows Server 2008 users remain at risk.


    In the absence of a patch, Microsoft recommends that users disable SMB v2 and block TCP ports 139 and 445 at the firewall."

    Source: Remote exploit released for Windows Vista SMB2 worm hole | Zero Day | ZDNet.com




    You can watch a video of the exploit here


    https://www.immunityinc.com/documentation/smbv2.html


  2. #2
    seti is offline Member
    Join Date
    Nov 2008
    Posts
    1,923


    Thank you for the warning

  3. #3
    estra is offline Windows Enthusiast
    Join Date
    Jul 2009
    Posts
    143


    Microsoft has made available a temporary solution for the time being that would disable SMBv2 - Microsoft Security Advisory: Vulnerabilities in SMB could allow remote code execution.
