-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
____/ nessuno on Thursday 01 Oct 2009 17:53 : \____
> <Quote>
> The Windows SMB2 security hole remains open and with malware out now
> that can take advantage of it, it's more dangerous than ever, but
> there's still no patch for it....[SMB2 is] not nearly as secure as
> plain old SMB....
>
> on September 28th, Harmony Security senior researcher Stephen Fewer
> released code that lets anyone try to run unauthorized software on a
> Windows Vista, Server 2008, and early pre-releases of Windows 7.
>
> And has Microsoft rushed to the rescue? Nope. In fact, experts think
> that the earliest Microsoft will be able to fix the problem will be on
> the next Patch Tuesday, October 13th. In the meantime, Microsoft
> recommends that you should just turn SMB2 off.
> </Quote>
>
> http://www.itworld.com/security/79507/no-safety-smb2-users-yet
"A new exploit for the _Smb2ValidateProviderCallback() function has been
released by the same person who created the Denial of Service exploit,
except this one is able to execute code remotely. It seems that ms is sort
of delaying the quick fix for this exploit. Whats even sadder is that they
knew about it when they developed windows 7 but didn't care to patch windows
vista. If they dont release a patch soon, viruses will be all over the
internet...
Exploit code:
http://packetstormsecurity.org/filedesc/smb2_negotiate_func_index.rb.txt.html";
- --
~~ Best of wishes
Roy S. Schestowitz | Mandriva & Fedora - Gotta love them girls
http://Schestowitz.com | Free as in Free Beer | PGP-Key: 0x74572E8E
Load average (/proc/loadavg): 0.95 0.95 0.71 5/308 12827
http://iuron.com - semantic search engine project initiative
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkrFLfUACgkQU4xAY3RXLo4gNwCfdP9bHudW5Ra9jbfJTUoxqnqu
nwoAnRv++YRS7Q28o9lql5UNgQK8HBQo
=fcri
-----END PGP SIGNATURE-----
|
|
