What to do with Microsoft SMB2 vulnerability

By Nick Lewis | Feb 8, 2010

In early September, Microsoft advised users of a remote code execution vulnerability found in its Server Message Block Version 2 (SMBv2) protocol. SMB is a file sharing and printing protocol used in Windows to pass messages between networked devices.

Researchers developed working exploit code for the flaw that can cause a denial of service (DoS) or unauthenticated remote code execution. This exploit code has also been publicly released.

Early on, Microsoft released a fix that disabled SMBv2. SMBv2, an update to the protocol, is only supported on Windows Server 2008, Windows Vista and Windows 7, and can only be used if both the client and server support it. Windows Vista SP2 and prior and Windows 2008 SP2 and prior are vulnerable. Windows 7 Release Candidate is also vulnerable, but was patched prior to Windows 7's official release. Windows XP, Windows 2003 and Windows 2008 R2 are not vulnerable.

In October, the software giant issued a security patch as part of its normal Patch Tuesday cycle. Enterprises were advised to apply this patch during their normal patching cycle; those that could not were advised to deploy it before the next Microsoft patch release. In this tip, let's explore why enterprises should consider expediting SMB patch deployment or using one of the workarounds.
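A read-only audit that a Windows administrator could run to see where a host sits in the exposure window described above, added here as an example and not part of the original tip. It assumes the server-side workaround is expressed as the DWORD value `Smb2` under `LanmanServer\Parameters` (0 = SMBv2 disabled), as documented in Microsoft's advisory, and takes the October patch's KB number as a parameter because the tip does not give it.

```powershell
# Added example (not from the article): report whether this host is in the SMBv2
# exposure window (Vista / Server 2008 at SP2 or earlier), whether SMBv2 is still
# enabled on the server side, and whether the October patch is installed. Read-only.
function Get-Smb2Exposure {
    param(
        # KB number of the MS09-050 patch; placeholder, supply the real value.
        [string]$PatchKb = 'KBnnnnnn'
    )

    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version                  # e.g. 6.0.6002 for Vista/2008 SP2
    $sp  = [int]$os.ServicePackMajorVersion

    # Only kernel 6.0 (Vista / Server 2008) at SP2 or earlier is in the vulnerable set.
    # XP and Server 2003 (5.x) have no SMBv2; Server 2008 R2 / Windows 7 RTM (6.1)
    # shipped patched. The Windows 7 Release Candidate (6.1 build 7100) was vulnerable.
    $vulnerableOs = ($ver.Major -eq 6 -and $ver.Minor -eq 0 -and $sp -le 2) -or
                    ($ver.Major -eq 6 -and $ver.Minor -eq 1 -and $ver.Build -lt 7600)

    # Assumption: the workaround registry value per Microsoft's advisory.
    $paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $smb2 = (Get-ItemProperty -Path $paramsKey -Name Smb2 -ErrorAction SilentlyContinue).Smb2
    # An absent value means the default (SMBv2 enabled); 0 means the workaround is applied.
    $smb2Enabled = ($null -eq $smb2) -or ($smb2 -ne 0)

    # Installed hotfix check; only meaningful once a real KB number is supplied.
    $patched = $false
    if ($PatchKb -ne 'KBnnnnnn') {
        $patched = [bool](Get-WmiObject -Class Win32_QuickFixEngineering |
                          Where-Object { $_.HotFixID -eq $PatchKb })
    }

    New-Object PSObject -Property @{
        ComputerName   = $os.CSName
        OsVersion      = $os.Version
        ServicePack    = $sp
        InVulnerableOs = $vulnerableOs
        Smb2Enabled    = $smb2Enabled
        PatchInstalled = $patched
        # Exposed only if the OS is in the window, SMBv2 is on, and the patch is absent.
        Exposed        = ($vulnerableOs -and $smb2Enabled -and -not $patched)
    }
}

Get-Smb2Exposure | Format-List
```

Run it with the real KB number of the October update as `-PatchKb` so the `PatchInstalled` field reflects the host's actual state.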

Remote code execution or denial-of-service attacks are serious threats to an environment. The Server Message Block Version 2 security vulnerability could be incorporated into bots, worms or other malicious code to attack an organization, access its data and gain a further foothold into its network. Many bots, worms, or other types of malicious code are developed in a modular fashion to easily incorporate new attack methods and vulnerabilities.

For example, the notorious Conficker worm (also known as Conficker/Downadup) used several different Windows vulnerabilities to spread and infect systems. The SMB vulnerability could similarly be built into a worm and spread quickly. While the exploit code hasn't yet been included in other malware, it could be incorporated into worms or bots and used in targeted attacks. It has also been included in the Metasploit open source penetration testing framework.
