Beware the claws that rend
HACKERS HAVE LOOSED a new attack code that exploits a critical flaw in Windows Vista and Windows 2008 Server.
The Vole has known about this hole in its operating systems since 7th September, but now it seems that there is at least one program that exploits it.
The new attack was penned by Harmony Security senior researcher Stephen Fewer and it lets the attacker run unauthorized software on the victim's computer, in theory making the vulnerability a much more serious problem.
The exploit code was added to the open sauce Metasploit penetration testing kit yesterday.
Another outfit called Immunity developed its own attack code for the bug, but that code is available only to the company's paying subscribers.
Metasploit developer HD Moore said the exploit works on Windows Vista Service Pack 1 and 2 as well as Windows 2008 SP1 server.
However Immunity Senior Researcher Kostya Kortchinsky told PC World the attack was not completely reliable. He could only get the Metasploit attack to work on Vista when it was running within a VMware virtual machine session. Outside VMware it just caused Windows systems to crash.
The underlying flaw lies in the server message block version 2 (SMB 2) system, introduced in Vista. The flaw apparently has been patched in Windows 7.
On 18 September Microsoft released a Fix-It tool that disables SMB 2, and the company said then that it was working on a fix for its software.