Wednesday, September 30, 2009

Attention all Windows Vista and Windows Server 2008 Users!

An Exploit Code Has Been Released To The Public!
And Microsoft Has Yet To Respond!

What Is The Problem?

An SMBv2 vulnerability, which has just been made public yesterday, was kept private until now. And apparently for good reason. This "new" exploit is not new at all. Microsoft has known about it for over a week and have done nothing to fix the problem.

What is SMBv2?

SMBv2 was created and released by Stephen fewer at Harmony Security. It is a hole, or code vulnerability which will allow attackers to install malware, Trojans, or open any backdoor they want. This hole was first announced to Microsoft as a non-critical DDoS attack, which then spawned a worm and the exploit code that was released yesterday. This vulnerability affects every version of Windows Vista with SP1 and SP2, including the Ultimate and Business Editions, which are the most popular with professionals and small business owners, and Windows Server 2008 with SP1.

And The Next Microsoft Patch Release Date Isn't For Another Two Weeks!

The Last release date was YESTERDAY, September 29th and Microsoft did nothing! So While Microsoft is STILL doing nothing to fix the exploit, even though they have known about it since September 17th, what are you, the one with the possibly vulnerable system, supposed to do? Just sit and wait until Microsoft issues a patch? All the while hoping and praying that your home system or, the Gods forgive me for saying this, your business doesn't get hit? Well that is what potential attackers are hoping for. They are praying that this has been so hushed that you will do absolutely nothing to ward off the problem before it's too late. That is why you need to take action NOW!

So How Do I Defend My System NOW?

Well, according to, you should impliment the "one click "fix it". This should allow any user of teh Vista and Server systems to fend off pending attacks. You can find more information on this fix HERE. Also, you could always upgrade to the new Windows 7, but that will have to wait for another post on another day... Check back in a few days, as I managed to get a free copy of Windows 7 professional because of my being a student at Kaplan University, complements of the MSDN, and I will be installing it in a virtual machine, essentially running a few different operating systems in one. I will tell you all about it in my next post! Stay Tuned!

No comments:

View My Portfolio & Samples

View Samples at Virtual Copy and JC Torpey's Portfolio.

Get writing tips and general news at the VCopy Blog.