10 days ago first exploit code for the security vulnerability in the SMBv2 protocol appeared in the underground. Today working exploit code for the open source penetration testing framework Metasploit was released. Therewith it is possible for the cybercriminals to produce malware which infects vulnerable systems – Windows Vista, Windows Server 2008 and Windows 7 up to Release Candidate 1.
Now administrators should take countermeasures if they haven’t done so yet. Microsoft doesn’t provide a patch to solve the issue, but offers a “1-click-tool” which disables SMBv2 services on the affected systems. This can have a small performance impact. Another suggested solution by Microsoft is to block traffic to the TCP Ports 139 and 445 – which would disable Windows Network Sharing altogether.
We’re constantly monitoring the malware scene – if malware using this attack vector appears we can protect our customers very fast. Anyhow it is a good idea to implement the workaround with the Fix-it-for-me-tool.