Security Research & Defense

Browse by Tags

All Tags » SMB (RSS)

Monday, October 12, 2009 7:58 AM

MS09-050: Exploit timeline for the SMB2 RCE vulnerability

This month we are releasing update MS09-050 to address the SMBv2 RCE vulnerability (CVE-2009-3103). Due to the fact that public exploit code exists for this vulnerability, we felt it would be good to summarize the exploit landscape at the time of release,

Posted by swiblog | (Comments Off)

Filed under: SMB, network protocol, MS09-050, SMB2, exploit timeline

Friday, September 18, 2009 10:00 AM

Update on the SMB vulnerability situation

We’d like to give everyone an update on the situation surrounding the new Microsoft Server Message Block Version 2 (SMBv2) vulnerability affecting Windows Vista and Windows Server 2008. Easy way to disable SMBv2 First exploit for code execution released

Posted by swiblog | (Comments Off)

Filed under: Mitigations, Workarounds, SMB, exploitation, Risk Asessment, Zero-Day Exploit

Tuesday, April 14, 2009 9:57 AM

MS09-013 and MS09-014: NTLM Credential Reflection Updates for HTTP clients

This month we are taking another step towards blocking NTLM reflection attacks by releasing MS09-014 for Internet Explorer and MS09-013 for Windows. This is the third update related to NTLM credential reflection we have released, and I thought it would

Posted by swiblog | (Comments Off)

Filed under: Mitigations, SMB, security zones, network protocol, Risk Asessment

Friday, January 09, 2009 12:24 PM

MS09-001: Prioritizing the deployment of the SMB bulletin

This month we released an update for SMB that addresses three vulnerabilities. This blog post provides additional information that might help prioritize the deployment of this update, and help explain the risk for code execution. In the bulletin you will

Posted by swiblog | (Comments Off)

Filed under: SMB, rating, kernel, Exploitability

Tuesday, November 11, 2008 10:40 AM

MS08-068: SMB credential reflection defense

Today Microsoft released a security update, MS08-068 , which addresses an NTLM reflection vulnerability in the SMB protocol. The vulnerability is rated Important on most operating systems, except Vista and Windows Server 2008 where it has a rating of

Posted by swiblog | (Comments Off)

Filed under: Mitigations, Workarounds, signing, SMB, rating, network protocol

Thursday, December 27, 2007 1:47 PM

MS07-063 - The case of the insecure signature

MS07-063 addresses a weakness in the SMBv2 message signing algorithm. SMB signing is a feature enabled by default on domain controllers to prevent man-in-the-middle attacks. As you can imagine, if an attacker on your local subnet can tamper with the SMB

Posted by swiblog | 3 Comments

Filed under: network capture, network, signing, SMB

Attachment(s): smbv2_001.pcap