Researchers fret over new Microsoft SMB vulnerability

Share this article:
Hours after it released five fixes Tuesday as part of its monthly security update, Microsoft disclosed a new, unpatched vulnerability in its Server Message Block (SMB) network protocol, used to share files.

The flaw in SMB 2.0 could permit remote code execution, according to an advisory released Tuesday night. Microsoft said it was not aware of any active attacks leveraging the bug, present only in Windows Vista and Server 2008.

However, researcher Laurent Gaffie has posted proof-of-concept code to the Full Disclosure mailing list. He said the code could be used to crash any Vista or Windows 7 machine that has SMB enabled, resulting in the so-called "blue screen of death."

But experts disagreed, saying the flawed code does not appear to be in the final version Windows 7, scheduled for release on Oct. 22. Still, the problem concerns experts.

"I am of the opinion that it is very exploitable," Lurene Grenier, analyst team lead for Sourcefire's vulnerability research team, told SCMagazineUS.com on Wednesday.

She said businesses with properly configured firewalls should be protected against an attack. But while the vulnerability is unpatched, administrators should consider using an alternative protocol to share files.

"For the most part, organizations want [file-sharing] turned on on the server," Grenier said. "What you don't need is half of your company sharing documents through it when they can send those documents through email."

Ron Gula, CEO and CTO of Tenable Network Security, told SCMagazineUS.com on Wednesday that he expects Microsoft to deliver an out-of-band patch for the flaw, which he called a "virus candidate."

"This might be the first of many bugs [to affect SMB 2.0]," Gula said.



Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.