September 8th, 2009, 02:53 PM
SMB 0-day - Windows Vista / 2008 / 7
We have received a report from Tyler that a vulnerability affecting Microsoft SMB2 can be remotely crashed with proof-of-concept code that has been published yesterday and a Metasploit module is out.
We have confirmed it affects Windows 7/Vista/Server 2008. The exploit needs no authentication, only file sharing enabled with one 1 packet to create a BSOD. We recommend filtering access to port TCP 445 with a firewall.
Windows 2000/XP are NOT affected by this exploit.
I haven't put ** ** for greater attention required, since SMB (445) should be filtered on the firewall.
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
September 13th, 2009, 09:44 PM
Awwww, you mentioned my name Although I like it better when they mention my last name as well.
Windows 7 RTM isn't actually affected, only Windows 7 RC is affected.
Also it looks like it's now being called remote code execution rather than just DoS.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
September 14th, 2009, 12:18 AM
Personally, I don't want my name on anything with the exceptions of what little assets and finacials I have. I would rather be a Max Headroom like figure on everyone's screens.
September 29th, 2009, 09:19 PM
Remote code execution PoC has been released on metasploit
silent play in the shadow of power...
By Irongeek in forum The Security Tutorials Forum
Last Post: September 12th, 2006, 07:17 AM
By Cider in forum Operating Systems
Last Post: March 21st, 2006, 09:30 PM
By gore in forum Other Tutorials Forum
Last Post: October 5th, 2004, 09:26 AM
By warl0ck7 in forum Microsoft Security Discussions
Last Post: August 14th, 2003, 01:23 PM
By Remote_Access_ in forum Security Archives
Last Post: January 12th, 2002, 03:02 AM