Remote exploit found in Windows Vista - no patch will be made available

8:28 PM


Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft’s dominant Windows operating system.
A team of exploit writers led by Kostya Kortchinsky attacked the known SMB v2 vulnerability and created a remote exploit that’s been fitted into Immunity’s Canvas pen-testing platform. The exploit hits all versions of Windows Vista and Windows Server 2008 SP2, according to Immunity’s Dave Aitel.
Remote exploit released for Windows Vista SMB2 worm hole 

This has already been patched in Windows 7 but Microsoft does not indicate that they're making any plans to patch it in Vista or Server 2008 SP2. Instead they recommend that you block the TCP ports 139 and 445 on your firewall and disable the SMB 2.0 service. Now, this is retarded because most home users are not going to know how to disable the SMB 2.0 service... I know I didn't and I'm a little more than average. Fortunately Google turns up a workable answer:


To disable SMB 2.0 for Windows Vista or Windows Server 2008 systems that are the “client” systems, run the following commands:
sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc config mrxsmb20 start= disabled
Note there's an extra " " (space) after the "=" sign.

To re-enable SMB 2.0 for Windows Vista or Windows Server 2008 systems that are the “client” systems, run the following commands:
sc config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc config mrxsmb20 start= auto

How to Disable SMB 2.0 on Windows Vista/2008

You can get to the command prompt in Vista by clicking on the Start button and then typing in "cmd.exe". Right-click the cmd entry that appears in the results window and then click "Run as administrator" (if you try the commands as a regular user they won't work).
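
To confirm the workaround took effect, the batch script below checks the service settings that the commands above change. It is an added example, not part of the original post or the linked instructions, and it assumes an elevated prompt and English-language sc output; save it under any file name ending in .cmd.

```batch
@echo off
rem Added example: verify the SMB 2.0 client workaround described above.
rem Assumes an elevated command prompt and English-language sc output.
setlocal
set FAIL=0

rem 1. The mrxsmb20 driver's configured start type must be DISABLED.
sc qc mrxsmb20 | findstr /C:"START_TYPE" | findstr /I /C:"DISABLED" >nul
if errorlevel 1 (
    echo [FAIL] mrxsmb20 start type is not DISABLED
    set FAIL=1
) else (
    echo [ OK ] mrxsmb20 start type is DISABLED
)

rem 2. lanmanworkstation must no longer list mrxsmb20 as a dependency;
rem    a service cannot start while one of its dependencies is disabled.
sc qc lanmanworkstation | findstr /I /C:"mrxsmb20" >nul
if errorlevel 1 (
    echo [ OK ] lanmanworkstation does not depend on mrxsmb20
) else (
    echo [FAIL] lanmanworkstation still depends on mrxsmb20
    set FAIL=1
)

rem 3. Changing the start type does not stop a driver that is already loaded.
sc query mrxsmb20 | findstr /C:"STATE" | findstr /I /C:"RUNNING" >nul
if errorlevel 1 (
    echo [ OK ] mrxsmb20 is not running
) else (
    echo [WARN] mrxsmb20 is still running; reboot and run this check again
)

rem Exit code 0 means both configuration checks passed.
endlocal & exit /b %FAIL%
```

The exit code lets the script be used from a logon script or a management tool to flag machines where the workaround was never applied or has been reverted.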

I hope Microsoft wises up about this and releases a patch for it.