Attack code developed for SMB vulnerability

Microsoft is readying a fix for a serious zero-day vulnerability in its Server Message Block (SMB) protocol, just as   exploit code has become publicly available.

The flaw in SMB 2.0 could enable an attacker to install malware on Windows Vista and Server 2008 machines, according to an advisory released Sept. 8. 

Though a representative for the software giant said he is not aware of any active attacks targeting end-users, it could be a matter of time before the in-the-wild exploits begin.

That is because Stephen Fewer, a researcher at Harmony Security, has added exploit code for the vulnerability to the publicly available Metasploit Framework, according to a Sunday post on the Metasploit blog.

HD Moore, founder of the Metasploit project and former director of security research at BreakingPoint Systems, referred questions to the blog post. Fewer could not be reached for comment.

"This [security] update will be released once it reaches an appropriate level of quality for broad distribution," Christopher Budd, security response communications lead at Microsoft, said in an email to SCMagazineUS.com Tuesday.

The next scheduled patch release is Oct. 13, but Microsoft has released emergency fixes in the past. Experts have said an out-of-band release could be imminent for this vulnerability, considering it could give rise to a worm like Conficker.

In the meantime, Microsoft encourages users to apply a workaround, released Sept. 18.

"Until the security update is released, the best way to protect systems from this vulnerability is to disable support for version 2 of the SMB protocol," according to a post Friday on the company's Security Research & Defense blog. "The security advisory was updated yesterday with a link to the Microsoft Fix It package that disables SMBv2 and then stops and starts the Server service."