Flaw and Exploit in Latest Windows and Windows Server? Check.

Dr. Roy Schestowitz

2009-09-30 00:19:06 UTC
Modified: 2009-09-30 06:23:34 UTC

Summary: A critical vulnerability lacking any real patch has now an attack code which puts in jeopardy Windows Vista Service Pack 1, Service Pack 2, even Windows 2008 Service Pack 1 (soon 2)

For context, see: Microsoft 'Fixes' Windows Vista and Windows Server 2008 by Disabling Entire Features

Now comes this:

● Exploit published for SMB2 vulnerability in Windows

A fully functional exploit for the security vulnerability in the SMB2 protocol implementation has been published. It can be used to discover and attack vulnerable Windows machines remotely. By integrating the exploit into the Metasploit exploit toolkit, attackers have access to a wide range of attack options, ranging from issuing a warning to setting up a convenient backdoor on a user's system.

● Hackers release new attack code for Windows

On 18 September Microsoft released a Fix-It tool that disables SMB 2, and the company said then that it was working on a fix for its software.

● Pressure on Microsoft, as Windows Attack Now Public

Metasploit developer HD Moore said Monday that the exploit works on Windows Vista Service Pack 1 and 2 as well as Windows 2008 SP1 server. It should also work on Windows 2008 Service Pack 2, he added in a Twitter message.

Will Microsoft do better than with XP? ⬆

Recent Techrights' Posts

The Web We Lost, the Information Lost Due to Microsoft's Attacks on Companies Like Yahoo! (Before the LLM Slop Frenzy): When it comes to news sites, what can we say?
Covering Corruption in Poland, Including a War on Science (Due to Bad Politicians): What we're about to show is that skilled and experienced scientists in Poland are besieged by bureaucrats
Links 02/06/2025: Political Leftovers, DRM, and Patents: Links for the day
Gemini Links 02/06/2025: "Star Wars Day" and "Security Day": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, June 01, 2025: IRC logs for Sunday, June 01, 2025
The Openwashing Shills Initiative (OSI) - Part II: Lying to the IRS is a Big Issue: The OSI of today pretends to be something that it is not
Bloodlust and Love of Blades (Fascination With Murder) Nothing New Among Microsofters: Violence is not a joke and no group is magically entitled to make such "jokes"
Links 01/06/2025: Bird Flu, Food Price Inflation, and Growing US-China Hostilities: Links for the day
Links 01/06/2025: "Vibe Coding" Turns Out to be a Fraud and Amazon Merits Boycott, Argue Bloggers: Links for the day
Gemini Links 01/06/2025: "Stardust" and Ideal PC Setup: Links for the day
Links 01/06/2025: Windows TCO, Openwashing, "It's FOSS" Still Promoting Microsoft: Links for the day
Gemini Links 01/06/2025: Simplification and Networks Everywhere: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, May 31, 2025: IRC logs for Saturday, May 31, 2025
Google Bribes EFF. EFF Promotes LLM Slop as 'Fair Use'. To GAFAM It's a Low-Cost Lobby Hedge.: So the bribes pay off ("slush fund") and the word spreads
Slopwatch: Fake Text and Images, Financial Bubbles, and Scams in "Intelligent" Clothing: Sometimes what they mean by "AI" is just cheap labour somewhere else, as we discussed in IRC a few hours ago
Why Microsoft is Collapsing (Similar to What's Happening at IBM), As Insiders See It: IBM seems like one heck of a mess
Reliable Computing Means Free (Libre) Computing: Sites that want to promote security ought to deal with the biggest issues
Links 31/05/2025: US Court Orders Sides With RFE/RL, War Updates From Ukraine: Links for the day
Gemini Links 31/05/2025: ARM Server and power_supply Subsystem: Links for the day
Links 31/05/2025: Slop Stigmatised as Disinformation, Catalyst/Driver of "Death of Communication": Links for the day
Common Sense 101: Do Not Write Blog Posts Saying You Want to Murder Colleagues (or Yourself): Only crazy people would think stabbings are a joke
Microsoft Bankruptcy: "Microsoft unit in Russia to file for bankruptcy, database shows"
Techrights Does Not Compete With LLM Slop, It Exposes the Bastards, Plagiarists and Scammers Who Do That: People like Scam Altman, still facing a lawsuit from his own sister for sexual abuse against her
Links 31/05/2025: Microsoft-Connected Builder.ai is a Fraud and US is Purging Students Based on Race/Nationality: Links for the day
Gemini Links 30/05/2025: Limmat, Doomscrollers, and Arguments Parsing: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, May 30, 2025: IRC logs for Friday, May 30, 2025