Share
Microsoft has offered a quick fix for the SMB2 (Microsoft Server Message Block Version 2) vulnerability that targets Windows Vista and Server 2008. The quick fix is to help disable the SMB2 protocol while a patch is tested.
Microsoft offers Fix It option for SMB2 vulnerability.(IMG:J.Anderson)
Microsoft said they are still not aware of any real-world attacks on the SMB2 vulnerability, but updated Security Advisory 975497 to include two Fix It options that will either enable SMB2 or disable it.
In a posting on the SRD blog, Mark Wodrich and Jonathan Ness, of MSRC Engineering said that they are aware of Immunity Inc.’s exploit code, and after testing it can confirm that it works on Vista and Server 2008.
If successful, exploitation of the SMB2 vulnerability will afford the attacker complete control over the system. In addition, Microsoft is aware of other groups working on code that will exploit the SMB flaw, and expect it to be made public before a proper patch is issued.
While IDS measures and firewalls with the proper signatures will detect an attack on the SMB2 protocol, Microsoft is urging administrators to apply the Fix It solution in the meantime. According to the SRD blog, there is a patch for this issue coming, but it is unknown if the official patch will come with the October updates, or if it will come as an out-of-cycle patch.
“The product team has built packages and are hard-at-work testing now to ensure quality. It takes more testing than you might think to release a quality update. For this update, the product team has so far already completed over 10,000 separate test cases in their regression testing,” the SRD post reads.
"They are now in stress testing, 3rd-party application testing, and fuzzing. We'd sure like to complete all that testing before the update needs to be released. "
The Fix It solution can be found here.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story