Exploit published for SMB2 vulnerability in Windows
A fully functional exploit for the security vulnerability in the SMB2 protocol implementation has been published. It can be used to discover and attack vulnerable Windows machines remotely. Because the exploit has been integrated into the Metasploit exploit toolkit, attackers have a wide range of attack options, from issuing a warning to setting up a convenient backdoor on a user's system.
Windows Vista, Windows Server 2008 and the Windows 7 Release Candidate are all vulnerable, although the bug has been fixed in the final version of Windows 7. Microsoft has not yet released a patch for the security vulnerability, which was first disclosed nearly three weeks ago. The software giant has released one-click instructions for disabling the vulnerable SMB2 protocol, but there are sure to be many users who fail to follow them.
Until now, the SMB2 exploit had mostly been circulating privately. Public disclosure means that anyone can now access the source code for the functioning exploit. The potential consequences are illustrated by a small ad on GetACoder, where an identified Singapore-based outsourcer has posted an advertisement looking for a developer who can put together an adaptable C/C++ program which uploads and executes a program from the web on vulnerable systems. It's hard to imagine that this is going to be used for legitimate security testing.
Anyone using an affected system without a firewall should implement the '1-click workaround' as soon as possible. Since past experience shows that worms are also able to penetrate firewalls, users with firewalls should also take preventive measures.
- Microsoft offers "1-Click Workaround" for SMB2 hole, a report from The H.
- Microsoft warns of SMB vulnerability in Windows Server 2008 and Vista, a report from The H.