Microsoft provides SMBv2 protection tool

Stephen Withers
Monday, 21 September 2009 07:41

Business IT - Security

Microsoft has provided a one-click workaround for the recently disclosed SMBv2 zero-day vulnerability. Work on a real fix is still underway.

Earlier this month, Microsoft conceded that a vulnerability in the Vista and Windows Server 2008 implementation of SMBv2 could allow an attacker to gain complete control of a system, although a restart was the most likely result of an attack.

At the time, the company suggested disabling SMBv2 by editing a registry key as a possible mitigation.

Microsoft now offers a 'one-click' mechanism to disable or enable SMBv2.

The company has also acknowledged the existence of a reliable exploit of the vulnerability, albeit one that is only available to Immunity's customers. (Immunity is a provider of penetration testing and related services.)

An updated SMBv2 implementation has been developed by Microsoft, but it is still being tested.

"We are keeping a close eye on the changing landscape and balancing this against the remaining test actions to determine the best ship schedule to bring a quality update to customers," observed Mark Wodrich and Jonathan Ness of Microsoft's security response center engineering team.