Researchers fret over new Microsoft SMB vulnerability

Share this article:
Hours after it released five fixes Tuesday as part of its monthly security update, Microsoft disclosed a new, unpatched vulnerability in its Server Message Block (SMB) network protocol, used to share files.

The flaw in SMB 2.0 could permit remote code execution, according to an advisory released Tuesday night. Microsoft said it was not aware of any active attacks leveraging the bug, present only in Windows Vista and Server 2008.

However, researcher Laurent Gaffie has posted proof-of-concept code to the Full Disclosure mailing list. He said the code could be used to crash any Vista or Windows 7 machine that has SMB enabled, resulting in the so-called "blue screen of death."

But experts disagreed, saying the flawed code does not appear to be in the final version Windows 7, scheduled for release on Oct. 22. Still, the problem concerns experts.

"I am of the opinion that it is very exploitable," Lurene Grenier, analyst team lead for Sourcefire's vulnerability research team, told on Wednesday.

She said businesses with properly configured firewalls should be protected against an attack. But while the vulnerability is unpatched, administrators should consider using an alternative protocol to share files.

"For the most part, organizations want [file-sharing] turned on on the server," Grenier said. "What you don't need is half of your company sharing documents through it when they can send those documents through email."

Ron Gula, CEO and CTO of Tenable Network Security, told on Wednesday that he expects Microsoft to deliver an out-of-band patch for the flaw, which he called a "virus candidate."

"This might be the first of many bugs [to affect SMB 2.0]," Gula said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.