Tuesday, September 22, 2009


New vulnerabilities and zero-days for Vista and Server 2008: SMB v2 insecure

Microsoft has yet to correct the flaws in the SMB v2 protocol (Server Message Block, the protocol for sharing files and printers). They are exploitable through an exploit that would allow malicious users to reboot or crash a server remotely without authorization. The worst-case scenario would be a script or worm attacking multiple machines around the world.
In addition, the commercial company that intends to exploit this vulnerability is Immunity Inc., which intends to market the CANVAS 6.5 platform. To see the video demonstration:
https://www.immunityinc.com/documentation/smbv2.html
This vulnerability only affects the SMB v2 service, so Server 2003, XP, Windows 2000 and Windows 7 remain immune; it concerns Vista and Server 2008.
According to Microsoft, however, firewalls and routers are effective countermeasures, as is disabling sharing on TCP ports 139 (NetBIOS) and 445 (Microsoft-DS).
To disable the SMB 2.0 protocol used by the Server service, open the registry with regedit and locate the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
Add a new DWORD value named smb2 and set it to 0 to disable the protocol. Then stop and restart the Server service with the commands:
- net stop server
- net start server

When the official Microsoft patch is ready, re-enable SMB 2.0 by setting the registry value to 1, then restart the Server service and install the patch.
Microsoft has confirmed in its security advisory (975497) that the vulnerability does not affect Windows 7.
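
The registry workaround above can be scripted so that it is applied and later reverted consistently across machines. The following PowerShell script is an added example, not part of the original post; the switch names -Disable and -Enable and the function names are hypothetical, and it assumes an elevated PowerShell prompt on Vista or Server 2008.

```powershell
# Added example: audit and toggle the smb2 registry value described in the post.
# Run elevated. -Disable applies the workaround, -Enable reverts it.
param(
    [switch]$Disable,   # hypothetical switch: set smb2 = 0
    [switch]$Enable     # hypothetical switch: set smb2 = 1
)

$key  = 'HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters'
$name = 'smb2'

function Get-Smb2Value {
    # Returns the DWORD value, or $null when the value does not exist.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($prop) { return $prop.$name }
    return $null
}

function Set-Smb2Value([int]$value) {
    if ($null -eq (Get-Smb2Value)) {
        # The value is absent by default, so it has to be created as a DWORD.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $value | Out-Null
    } else {
        Set-ItemProperty -Path $key -Name $name -Value $value
    }
    # Same effect as "net stop server" followed by "net start server".
    # -Force is needed when other services depend on the Server service.
    Restart-Service -Name LanmanServer -Force
}

if ($Disable -and $Enable) { throw 'Choose either -Disable or -Enable, not both.' }
if ($Disable) { Set-Smb2Value 0 }
if ($Enable)  { Set-Smb2Value 1 }

# Always finish with a report, so the script doubles as an audit check.
$current = Get-Smb2Value
if ($null -eq $current) {
    Write-Output "$env:COMPUTERNAME: smb2 value not present (workaround not applied)"
} elseif ($current -eq 0) {
    Write-Output "$env:COMPUTERNAME: smb2 = 0 (workaround applied)"
} else {
    Write-Output "$env:COMPUTERNAME: smb2 = $current (workaround not applied)"
}
```

Run without switches, the script only reports the current state and changes nothing.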

Here is the original news from SANS:
http://isc.sans.org/diary.html?storyid=7141

http://isc.sans.org/diary.html?storyid=7093

Fortunately, on October 13 the patch MS09-050 was released:

http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx
