Microsoft unveils shield for critical Windows flaw as attack code looms

From InfoWorld: With attack code that exploits a critical unpatched bug in Windows likely to go public soon, Microsoft wants users to run an automated tool that disables the vulnerable component.

The bug in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, affects Windows Vista, Windows Server 2008 and preview releases of Windows 7.

When the flaw was first disclosed Sept. 7, it was thought that attacks would only crash PCs, causing the notorious Blue Screen of Death. Since then, however, researchers have figured out how to create exploits that can be used to hijack a vulnerable computer.

Last Wednesday, Miami Beach-based Immunity, which is best known for its CANVAS penetration testing framework, built a working remote code exploit, and released it to paying subscribers of its Early Updates program.

On Friday, Microsoft confirmed that Immunity's exploit worked as advertised. "We have analyzed the code ourselves and can confirm that it works reliably against 32-bit Windows Vista and Windows Server 2008 systems," said Mark Wodrich and Jonathan Ness, both members of the Microsoft Security Response Center (MSRC) engineering team, on a company blog. "The exploit gains complete control of the targeted system and can be launched by an unauthenticated user."

View: Article @ Source Site