If you want to share files and printers over your network, chances are you use SMB (Server Message Block) either on Windows or Samba. Microsoft, which lost control of SMB a while back, decided a new protocol which could they own: SMB2. There’s only one little problem with it. It’s not nearly as secure as plain old SMB.
The hole in SMB2 was discovered only a few weeks ago on September 7th, but everyone knew it would be easy to exploit. Everyone was right.
While there has have been earlier attack code out in the wild, on September 28th, Harmony Security senior researcher Stephen Fewer released code that lets anyone try to run unauthorized software on a Windows Vista, Server 2008, and early pre-releases of Windows 7.
And has Microsoft rushed to the rescue? Nope. In fact, experts think that the earliest Microsoft will be able to fix the problem will be on the next Patch Tuesday, October 13th. In the meantime, Microsoft recommends that you should just turn SMB2 off.
More >