A fully functional exploit for the security vulnerability in the SMB2 protocol implementation has been published. It can be used to discover and attack vulnerable Windows machines remotely. By integrating the exploit into the Metasploit exploit toolkit, attackers have access to a wide range of attack options, ranging from issuing a warning to setting up a convenient backdoor on a user's system.
Windows Vista, Windows Server 2008 and the Windows 7 Release Candidate are all vulnerable, although the bug has been fixed in the final version of Windows 7. Microsoft has not yet released a patch for the security vulnerability, which was first disclosed nearly three weeks ago. The software giant has released one-click instructions for disabling the vulnerable SMB2 protocol, but there are sure to be many users who fail to follow them.