Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: No safety for SMB2 users yet

Hash: SHA1

____/ nessuno on Thursday 01 Oct 2009 17:53 : \____

> <Quote>
> The Windows SMB2 security hole remains open and with malware out now
> that can take advantage of it, it's more dangerous than ever, but
> there's still no patch for it....[SMB2 is] not nearly as secure as
> plain old SMB....
> on September 28th, Harmony Security senior researcher Stephen Fewer
> released code that lets anyone try to run unauthorized software on a
> Windows Vista, Server 2008, and early pre-releases of Windows 7.
> And has Microsoft rushed to the rescue? Nope. In fact, experts think
> that the earliest Microsoft will be able to fix the problem will be on
> the next Patch Tuesday, October 13th. In the meantime, Microsoft
> recommends that you should just turn SMB2 off.
> </Quote>
> http://www.itworld.com/security/79507/no-safety-smb2-users-yet

"A new exploit for the _Smb2ValidateProviderCallback() function has been
released by the same person who created the Denial of Service exploit,
except this one is able to execute code remotely. It seems that ms is sort
of delaying the quick fix for this exploit. Whats even sadder is that they
knew about it when they developed windows 7 but didn't care to patch windows
vista.  If they dont release a patch soon, viruses will be all over the
Exploit code:

- -- 
		~~ Best of wishes

Roy S. Schestowitz      | Mandriva & Fedora - Gotta love them girls
http://Schestowitz.com  | Free as in Free Beer |  PGP-Key: 0x74572E8E
Load average (/proc/loadavg): 0.95 0.95 0.71 5/308 12827
      http://iuron.com - semantic search engine project initiative
Version: GnuPG v1.4.9 (GNU/Linux)


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index