Close to Patch Tuesday, new flaw surfaces
As Microsoft prepares to release patches, researchers said they've seen exploit code for a new flaw that puts organizations using Vista and Windows 7 at great risk.
The flaw lies in the SMB (Server Message Block) 2 software in Windows, said Bojan Zdrnja, a handler for the SANS Internet Storm Center. Exploit code was released around 11 p.m. U.S. Eastern time, he said.
Zdrnja said he tested the exploit code and it works on fully patched Vista machines running Service Pack 1 or 2 as well as Windows 7. It may also affect Windows Server 2008. When successfully attacked, the exploit will cause the targeted machine to crash.
"You get the blue screen of death," Zdrnja said.
Researchers don't know yet if the flaw is remotely exploitable, he said. Just one malicious packet is needed to crash a machine. Most PCs on internal networks keep port 445 open, which is used for file sharing.
That's dangerous, since if a hacker already has access to a compromised computer within the network, it would be possible to crash all the other machines, Zdrnja said. Administrators should disable access to the port.
Home users usually have that port open, too, Zdrnja said. But for users who join a public Wi-Fi network, Windows will ask if it is a public network and, if it is, then block port 445.
A module for the exploit has already been created for Metasploit, a hacker toolkit used to attack PCs, Zdrnja said.
Microsoft is due to release its five patches on Tuesday, all for "critical" flaws, the company's most severe threat rating. Zdrnja said it's not known if this latest flaw will be addressed.
If it isn't patched on Tuesday, Zdrnja said the flaw is so potentially harmful that he would not be surprised if Microsoft did an off-schedule patch release.
"This is really serious," Zdrnja said. "It can potentially affect a huge number of machines."
The SANS Internet Storm Center has published a short diary entry about the flaw. Microsoft officials did not have an immediate comment but said they were investigating.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Microsoft
Powered by TwitterOn Twitter now
Microsoft
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
