Wednesday, September 30, 2009

What You May Not Know about the SMB2 0Day

What you may already heard/known today about the SMBv2 0day:



Here's a list of follow up that you may not know yet:

  • More than 10 version of the exploit is available here (C, PERL, Python, Ruby, win32)
  • Port of the BSOD code to Metasploit (instead of RCE).
  • Winsock edition is here.
  • SMBv2 vulnerability scanner (class B, C) in Python.


In additional, rumor says:

"We found this issue independently through our fuzzing processes and implemented the fix into Windows 7 RTM (release to manufacturer) and Windows Server 2008 R2," the spokesperson says. "We're working to develop a security update for Windows Vista, Windows Server 2008 and Windows 7 RC."