Microsoft has issued a patch for the Server Message Block (SMB) v2 vulnerability.
The issue, which affects Vista and Windows Server 2008 users, was added to a Microsoft security advisory. Microsoft said that it was ‘not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time’.
However, it did claim that it was aware of exploit code developed by Immunity and released to customers who subscribe to the CANVAS Early Updates program.
A blog post by MSRC Engineering's Mark Wodrich and Jonathan Ness said: “We have analysed the code ourselves and can confirm that it works reliably against 32-bit Windows Vista and Windows Server 2008 systems. The exploit gains complete control of the targeted system and can be launched by an unauthenticated user.
“The exploit can be detected by intrusion detection systems (IDS) and firewalls that have signatures for the vulnerability being targeted (CVE-2009-3103). This exploit code from Immunity is only available to a small group of companies and organisations who will use it to determine the risk to their own networks and systems, or those of their customers.”
Wodrich and Ness recommended mitigating factors that could help prevent attacks, including disabling SMBv2 using a simple registry script or the Fix It, since disabling SMBv2 prevents the vulnerable code from being reached.
Wodrich and Ness said: “Even with the above mitigations, we're not slowing down our investigation, and are working on an update that can be delivered for all customers. The product team has built packages and are hard at work testing now to ensure quality.
“We are keeping a close eye on the changing landscape and balancing this against the remaining test actions to determine the best ship schedule to bring a quality update to customers.”