Microsoft rushes out quick fix for SMB flaw

The new vulnerability could allow remote code execution

Microsoft has raced to ship a one-off workaround for the Server Message Block (SMB) v2 vulnerability disclosed earlier this week, to mitigate the risk of users’ Vista or Windows Server 2008 products being hacked.

The one-click fix, which was added to a Microsoft security advisory, has been designed to provide users’ machines with temporary respite from any remote code execution attacks targeting the known vulnerability, by disabling SMBv2 and then stopping and starting the Server service.

However, Redmond warned that disabling SMBv2 may slow down SMB connections between Windows Vista and Windows Server 2008 machines.

The firm also confirmed that the exploit code developed for the vulnerability by penetration testing firm Immunity does indeed work. “It works reliably against 32-bit Windows Vista and Windows Server 2008 systems,” said Microsoft in a posting on its Security Research and Defense blog.

“The exploit gains complete control of the targeted system and can be launched by an unauthenticated user,” it added.

As with other security issues brought to light by researchers, such as the disclosure of IIS vulnerabilities recently, Microsoft is again holding the line that customers may have been put at unnecessary risk by the irresponsible way such vulnerabilities were made public.

“We continue to encourage responsible disclosure of vulnerabilities,” wrote the firm in its accompanying security advisory.

“We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests.”