Researchers fret over new Microsoft SMB vulnerability

Share this article:
Hours after it released five fixes Tuesday as part of its monthly security update, Microsoft disclosed a new, unpatched vulnerability in its Server Message Block (SMB) network protocol, used to share files.

The flaw in SMB 2.0 could permit remote code execution, according to an advisory released Tuesday night. Microsoft said it was not aware of any active attacks leveraging the bug, present only in Windows Vista and Server 2008.

However, researcher Laurent Gaffie has posted proof-of-concept code to the Full Disclosure mailing list. He said the code could be used to crash any Vista or Windows 7 machine that has SMB enabled, resulting in the so-called "blue screen of death."

But experts disagreed, saying the flawed code does not appear to be in the final version Windows 7, scheduled for release on Oct. 22. Still, the problem concerns experts.

"I am of the opinion that it is very exploitable," Lurene Grenier, analyst team lead for Sourcefire's vulnerability research team, told on Wednesday.

She said businesses with properly configured firewalls should be protected against an attack. But while the vulnerability is unpatched, administrators should consider using an alternative protocol to share files.

"For the most part, organizations want [file-sharing] turned on on the server," Grenier said. "What you don't need is half of your company sharing documents through it when they can send those documents through email."

Ron Gula, CEO and CTO of Tenable Network Security, told on Wednesday that he expects Microsoft to deliver an out-of-band patch for the flaw, which he called a "virus candidate."

"This might be the first of many bugs [to affect SMB 2.0]," Gula said.

Share this article:

Sign up to our newsletters

More in News

Apple's iOS 7.1.1 fixes Webkit bugs, encryption bypass issue

Released Tuesday, the update prevents exploit via "triple handshake" attacks, which could allow a bypass of encryption safeguards.

'Unauthorized' media contact a fireable offense for U.S. intel employees

The new media policy states that U.S. intelligence employees who have "unauthorized" contact with the media could lose their jobs.

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.