Tuesday, September 29. 2009
SMB2 Exploit Out - Disable SMB2 Now
As you all may know by now, the Metasploit development team has released a working remote code execution exploit for the SMB2 vulnerability. Please take a detailed look at this advisory from Microsoft. The current, and simplest workaround is by disabling SMB2. The steps are provided in the "Workaround" section of the advisory.
There is no patch for this yet - Microsoft has yet to issue one yet and the next patch cycle is on the second Tuesday of October (13th). We'll wait with bated breath for malware that will exploit this vulnerability.
Interestingly, Malaysia Computer Emergency Response Team does not seem to think this vulnerability is serious. At the time of this blog post there are no advisories in their website related to this vulnerability at all. On the other hand, Microsoft released an advisory as early as 8th September.
There is no patch for this yet - Microsoft has yet to issue one yet and the next patch cycle is on the second Tuesday of October (13th). We'll wait with bated breath for malware that will exploit this vulnerability.
Interestingly, Malaysia Computer Emergency Response Team does not seem to think this vulnerability is serious. At the time of this blog post there are no advisories in their website related to this vulnerability at all. On the other hand, Microsoft released an advisory as early as 8th September.
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
bro i think this is not the right time to expose this matter.. since the patch is not available and the workaround is not the answer.. the exploit is out.. the new worm is set to launch for sure.. it come to my attention when a girl at my college was crying all day long bcos of some kiddie using the first version of dos exploit against her while she working with tomorrow due asgnmnt.. damn, now the rce version is out
i hope LG will be in the top "RM -RF" list right after HDM
-antisex-
i hope LG will be in the top "RM -RF" list right after HDM
-antisex-
It's a public exploit now - and the advisory and workarounds have been out since Sept 8. Just Google for "smb2 exploit" and it's all over the Internet.
Apparently for 'structured threat' and network forensics l337 like the author of this blog, availability of exploit is important because (1) he can't code one 
(2) Life and work depends on ./
But that is still ok to me lah lots of people do that to make a living. The lame part is when one tries to project him/herself as bigger than those who actually wrote the code or does vulnerability research.
(2) Life and work depends on ./ But that is still ok to me lah lots of people do that to make a living. The lame part is when one tries to project him/herself as bigger than those who actually wrote the code or does vulnerability research.
hahahha... dont dare to kutuk2 the author.. do u want get hacked by the l33t haxor hackers? 
8th September was the advisory for BSOD la bro.. only last week remote code execution.. found by Immunity guy
Yeap This was aware last month only BSOD SANS cover it on 8 Sept
By the way ISS post this on Sept 09 http://blogs.iss.net/archive/smb0day.html ans STATE
"After some further analysis, it’s apparent that it could be leveraged for remote code execution, as has been reported elsewhere. "
Not many aware maybe because infecting Vista and Above.. while many of us still using windows XP
only BSOD SANS cover it on 8 Sept By the way ISS post this on Sept 09 http://blogs.iss.net/archive/smb0day.html ans STATE
"After some further analysis, it’s apparent that it could be leveraged for remote code execution, as has been reported elsewhere. "
Not many aware maybe because infecting Vista and Above.. while many of us still using windows XP
For info..forum hack...jasakom.com got hack by malaysia hacker
[url]www.jasakom.com[/url]
[IMG]http://img121.imageshack.us/img121/1056/jasakomv.jpg[/IMG][/QUOTE]
[url]www.jasakom.com[/url]
[IMG]http://img121.imageshack.us/img121/1056/jasakomv.jpg[/IMG][/QUOTE]
heheh..all malaysia website so EASY to GODAM... =)
please patch ure server..!!!! itu sahaja boleh protect server anda? dapatkan di security link web yang ada..!!!!
please patch ure server..!!!! itu sahaja boleh protect server anda? dapatkan di security link web yang ada..!!!!
Add Comment
Before you post a comment, please take note of the following guidelines:
- Commenting is provided as a courtesy only.
- Please be brief and relevant to the post.
- Please be polite even in disagreement with us or others.
- Support claims you wish to make using sources and links.
- No personal attacks, name calling, or commercial commenting.
- Anyone creating false or multiple identities will be banned.
- If you don't have a cogent argument, you will be censored.
- If you are purposefully deceptive, you will be censored.
- No spamming or flooding.
Comment policy copied and modified from Spin Hunters.
DISCLAIMER
All data and information provided on this site is for informational purposes and on an *as-is* basis.
This weblog does not represent the thoughts, intentions, plans or strategies of our employers. It is solely our opinion and views as security professionals.
Feel free to challenge us, disagree with us, or even tell us that we are a complete mindless and brainless monkeys in the comment section of the blog entry.
This weblog does not represent the thoughts, intentions, plans or strategies of our employers. It is solely our opinion and views as security professionals.
Feel free to challenge us, disagree with us, or even tell us that we are a complete mindless and brainless monkeys in the comment section of the blog entry.
Report Defacements of Malaysian Website
Tags
watchlist gcert worm exploit strong password harimau outbreak how to create password cybersecurity malaysia virus dubai myhack niser security analysis apple hitbsecconf2008 kuala lumpur pink rabbit vnsecurity leopard downadup password python edu.my conficker hitbsecconf2008 cimb phishing hackinthebox comment spam ctf mycert bank wireless lubuntu network analysis hacked hitbsecconf2008 dubai conference xss personal data privacy honeynet my-honeynet cyber terrorism scam general os x cuciotak scamming hex phishing site spam news information disclosure maybank2u hacking maybank phishing impact bro-ids sql injection malware events nsm alien_005 tools stupidity hackermalaysia defaced hitbsecconf joomla! hitb web vulnerability malaysia defacement
Recent Entries
Defaced - http://www.webschool.com.my
Defaced - http://cic.jobsmalaysia.gov.my
Defaced - http://cuil.com.my
Defaced - http://www.photodelivery.com.my/cart/
Defaced - http://webapp.uthm.edu.my
Defaced - http://www.afm.org.my
Hacked - http://www.crsm.org.my
Defaced - belianiaga.com
Defaced - teddymarry.com
Mass defacement on BaitulBytes Hosting
February 8 2010
Defaced - http://cic.jobsmalaysia.gov.my
February 8 2010
Defaced - http://cuil.com.my
February 8 2010
Defaced - http://www.photodelivery.com.my/cart/
February 8 2010
Defaced - http://webapp.uthm.edu.my
February 8 2010
Defaced - http://www.afm.org.my
February 5 2010
Hacked - http://www.crsm.org.my
February 4 2010
Defaced - belianiaga.com
February 3 2010
Defaced - teddymarry.com
February 3 2010
Mass defacement on BaitulBytes Hosting
February 3 2010
