QUOTE
Urges users to run single-click tool before hackers exploit 'decently wormable' flaw
By Gregg Keizer
September 20, 2009 07:56 AM ET
Computerworld - With attack code that exploits a critical unpatched bug in Windows likely to go public soon, Microsoft wants users to run an automated tool that disables the vulnerable component.
The bug in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, affects Windows Vista, Windows Server 2008 and preview releases of Windows 7.
When the flaw was first disclosed Sept. 7, it was thought that attacks would only crash PCs, causing the notorious Blue Screen of Death. Since then, however, researchers have figured out how to create exploits that can be used to hijack a vulnerable computer.
Last Wednesday, Miami Beach-based Immunity, which is best known for its CANVAS penetration testing framework, built a working remote code exploit, and released it to paying subscribers of its Early Updates program.
On Friday, Microsoft confirmed that Immunity's exploit worked as advertised. "We have analyzed the code ourselves and can confirm that it works reliably against 32-bit Windows Vista and Windows Server 2008 systems," said Mark Wodrich and Jonathan Ness, both members of the Microsoft Security Response Center (MSRC) engineering team, on a company blog. "The exploit gains complete control of the targeted system and can be launched by an unauthenticated user."
More worrisome, however, was news that the open-source Metasploit pen-testing software will add attack code this week, according to HD Moore, a noted security researcher and one of Metasploit's makers. Metasploit's exploit code is often used by hackers to build malicious attacks.
According to Kostya Kortchinsky, an Immunity researcher who worked on the CANVAS attack module, the SMB 2 vulnerability is "decently wormable."
Continued
http://www.computerworld.com/s/article/913...s?taxonomyId=89