Since part of the C-I-A triangle includes Availability (in addition to Confidentiality and Integrity), this weakness in how SRV2.SYS deals with malformed SMB headers as part of the Negotiate Protocol Request function is essentially a denial of service vector.
Exploit code for this flaw has been added to the Metasploit Framework, although Microsoft maintains that they have received no reports of attacks or customer impacts.
Microsoft has quite a history when it comes to SMB vulnerabilities, and it will be interesting to see how long it takes Redmond to crank out a fix for this one.
Updated 9/9/09: Microsoft has re-released Security Advisory 975497 regarding the SMB vulnerability. Aside from snarking at us because the details were "irresponsibly reported", Microsoft wants us to know that Windows 7 RC is affected, but not Windows 7 RTM. Also, Windows Server 2008 R2, Windows XP, and Windows 2000 are not affected, according the the re-release - mainly because Microsoft didn't introduce SMB2 until after those products were already on the market.
No comments:
Post a Comment
Please tell me what you think.