With attack code that exploits a critical unpatched bug in Windows likely to go public soon, Microsoft wants users to run an automated tool that disables the vulnerable component.
The bug in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, affects Windows Vista, Windows Server 2008 and preview releases of Windows 7.
When the flaw was first disclosed Sept. 7, it was thought that attacks would only crash PCs, causing the notorious Blue Screen of Death. Since then, however, researchers have figured out how to create exploits that can be used to hijack a vulnerable computer.
Last Wednesday, Miami Beach-based Immunity, which is best known for its CANVAS penetration testing framework, built a working remote code exploit, and released it to paying subscribers of its Early Updates program.
More: http://computerworld.com/s/article/9138278/
The bug in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, affects Windows Vista, Windows Server 2008 and preview releases of Windows 7.
When the flaw was first disclosed Sept. 7, it was thought that attacks would only crash PCs, causing the notorious Blue Screen of Death. Since then, however, researchers have figured out how to create exploits that can be used to hijack a vulnerable computer.
Last Wednesday, Miami Beach-based Immunity, which is best known for its CANVAS penetration testing framework, built a working remote code exploit, and released it to paying subscribers of its Early Updates program.
More: http://computerworld.com/s/article/9138278/