SMB Vuln Headaches Continue

Exploit Code for Unpatched Windows Flaw Released

A security company which releases for-pay vulnerability info,
Immunity Inc, has published a nice video showing just how easy it is to get a shell on a vulnerable
host using their freshly-published exploit.

To rephrase that: there is a remote exploit against the SMB flaw we covered last week. While the exploit code
is not in the wild per se, the capability to exploit this flaw can be obtained in exchange for a moderate amount of money. Reverse-engineering the clever trick used
to transform the DoS attack into a full compromise is probably as simple as watching the SMB packets flow.

It’s therefore highly probable that
this exploit will start being used in the wild in the following days.

About the author


Razvan Stoica is a journalist turned teacher turned publicist and
technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking.

Razvan Stoica started off writing for a science monthly and was the chief
editor of a science fiction magazine for a short while before moving on to
the University of Medicine in Bucharest where he lectured on the English
language. Recruited by Bitdefender in 2004 to add zest to the company's
online presence, he has fulfilled a bevy of roles within the company since.

In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.