Critical Windows Remote Vulnerability Exploit
A new post has been released yesterday providing a script to exploit a critical vulnerability in windows, the vulnerability has been discovered since the 7th of September.
Up to this Monday the vulnerability can lead only to a failure in the system but now and after Stephen Fewer from Metasploit issued this script publicly it is possible to run remotely on the vulnerable PC unauthorized software.
Recently security firm Immunity has developed its own code that uses this bug, but that was available only for their subscriber, while Metasploit made it freely available for the wide.
Members of the Metasploit project, which produces an open-source program for network testing, said that the exploit works on Windows Vista Service Pack 1, 2 and Windows 2008 SP1, SP2, on the other hand, according to Kostya Kortchinsky from Immunity, Metasploit code is completely unreliable. The expert said that he was able to make exploit work only with operating system that runs on virtual machine VMware. If he tried to apply it to Windows runs on physical machine it just fails.
In response,HD Moore from Metasploit team assumed that the attack definitely works on several physical machines, but it seems that additional test is required for it.
Now we find that there is a serious vulnerability and there still no patch available yet, Microsoft advice the following:
Mitigations that help prevent attacks
There are a number of mitigating factors that could aid in preventing attacks such as:
• Enterprise customers can disable SMBv2 using a simple registry script or the Fix It described above. Disabling SMBv2 prevents the vulnerable code from being reached.
• Consumers (not part of an enterprise network) are protected by the on-by-default firewall included in Windows Vista:
o The on-by-default Windows firewall protects vulnerable systems
o The on-by-default Windows firewall allows packets through only if a user explicitly shares a folder or printer.
o When a Windows Vista user chooses the ‘Public’ firewall setting, the firewall will block packets even if a folder or printer has been shared.
This can help to mitigate the risk till a patch will be issued. you can also test this vulnerability by using Metasploit framework which is also available on the BackTrack.
make sure you subscribe to my RSS feed!