EmailSafety.net - Rush Windows patch for SMB 2 flaw unlikely, says researcher

Rush Windows patch for SMB 2 flaw unlikely, says researcher

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

It's unlikely that Microsoft will ship an emergency fix for a critical Windows vulnerability that the company disclosed earlier this month, a security researcher said yesterday.

The vulnerability in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol, affects Windows Vista and Windows Server 2008, as well as preview versions of Windows 7, including the beta and release candidate, which have been downloaded and installed by millions since January.

The appearance of a public exploit Monday cranked up speculation that Microsoft would plug the SMB 2 hole with a so-called "out-of-band" update, one outside the company's regular monthly schedule. But Dave Aitel, the chief technology officer at penetration testing software maker Immunity, said that's virtually impossible.

In a message to the Dailydave security mailing list , Aitel said that Immunity's researchers had rooted around the public exploit. "I asked the Immunity team to take a look into the new exploit to assess whether Microsoft would patch the SMBv2 bug early, and our initial assessment is, 'No, they will not,'" said Aitel in a message posted to the list Tuesday.

Related Content

"Working around this issue in the current public exploit is probably two weeks of work," Aitel added. "At that point, we're nearing Microsoft Tuesday and the need for an out-of-band patch is moot."

Microsoft's next regularly-scheduled Patch Tuesday is Oct. 13, two weeks from yesterday.

Immunity, best known for its CANVAS penetration testing framework, released a working remote code exploit on Sept. 16 to paying subscribers of its Early Updates program. Last Monday, however, attack code went public when Stephen Fewer, a researcher with Harmony Security, added a module to the open-source Metasploit pen-testing toolkit.

One security expert said that the Metasploit move meant in-the-wild attacks are already under way. "This is in the wild now, without question," said Alfred Huger, formerly with Symantec and currently vice president of engineering at security start-up Immunet . "There are a number of automated toolkits that rely on Metasploit as their framework for breaking into end points. The general time to see these pop up on honeypots from the point of public release is nearly always [the] same day."

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites