Tuesday, September 29, 2009

The new attack code poses a threat on Vista users, while Windows 7 and XP crack-resistant.

The Microsoft is under the pressures after hackers have publicly released the new attack code that exploits a critical bug in the line of Microsoft oprating systems, including Windows Vista Service Pack 1 and 2, Windows 2008 SP1, SP2 server.

Although this vulnerabilty issue has been known since Spetember the publicly available programs that can use that bug haven't been able to do anything except crash the operating system. However, a new attack code developed by Harmony allows to run unathorized software on cracked PC making it much more serious problem for Microsoft. The attack code was added to the company's open-source Metasploit penetration testing kit making the code widely available.

From other side, a software company called Immunity recently developed its own attack code for the bug, but that code is available only to the company's paying subscribers. And although the atack code is claimed to potentially work on both Windows Vista and Windows 2008 (Service Pack 1 and 2) the code may not be completely reliable, according to Immunity Senior Researcher, who stressed that he could get the Metasoft Attack to work only on the Windows Vista operating system running within a VMware virtual machine session. He added "When he ran it on native Windows systems, it simply caused the machines to crash."

In turn a Metasploit developer said that the attack definitely worked on at least some physical machines, but looks like it could use more testing.

Either way, the public release of this code should put Windows users on alert. Security experts worry that this code could be adapting to create a self-copying worm attack, much like last year's Conficker outbreak. It might seems strange but unlike Conficker, this attack would not affect older Windows XP, Windows Server 2003,or Windows 2000 systems. That's because the underlying flaw that all of these programs exploit lies in the SMB (server message block) version 2 system, introduced firstly in Vista.

Microsoft has confirmed that Immunity's attack works on 32-bit versions of Vista and Windows Server 2008, but did not have any immediate comment on the Metasploit code.

According to Immunity Senior Researcher the flaw has been patched in Windows 7, yet Microsoft released a Fix tool that disables SMB 2, and the company said that it is working on a fix for the software.

No comments:

Post a Comment