What I want to know...
...is how big a threat was this in reality. Have there been any major exploits using this in the last 7 years?
Microsoft has explained why it took seven years to patch a known vulnerability. Fixing the bug earlier would have taken out network applications and potential exploits alike, it explained. Security bulletin MS08-068 fixed a flaw in the SMB (Server Message Block) component of Windows, first demonstrated by Sir Dystic of Cult of …
IF MS were to make the o/s as solid as possible it would break lot`s of stuff. It would piss off vendors. Well then they would have to code right and stop sloppy programing.
Remember when vista was in beta and MS deiced that no program should be allowed to modify the kernel. AV guys cried foul.
I was working in the industry back then, and what I remember was monthly patches to the SMB library.
Month after month there was new hotfixes to this library until one day, over a year later, it was mysteriously replaced with the original SMB library and everyone forgot about the flaw.
Imagine my surprise when it became an issue once more!
How long has this guy been working for m$?
"The patch does NOT address the case where the attacker relays the connection to a third-party host that the victim has access to," Metasploit said."
So, first they need 7 years to fix the issue, probably with the help of the Samba team, which MS embraced not too long ago, but still manage not to fix the issue completely.
Wanted to say "I told you so", but somehow can't seem to bother. Which is actually a good tactic often employed by politicians as well. Fsck thing's up and continue on that path until the people affected just don't care any more...
So not only does MS not give 2 craps about using the end users to beta test their crappy software, but apparently corporate secrets are worth less to companies than flashy programs. No wonder the economy is spiraling out of control. The decision makers in the companies are mostly a bunch of dumb asses, who got their positions becuase they were braggarts with nothing to back up the hype (sounds kinda like the people who run MS too, and every large company I've worked for, and some small "big company" wanna-be's who make their decisions by asking, what would the big companies do?). The a big idiot circle jerk where the heads would sooner see the companies implode than be blamed for their extremely poor decisions. If they knew anything about the potential security risks, IT wouldn't require MS certifications, it would just require general IT knowledge and maybe some kind of degree, but I know at this time this is only a fantasy of mine, and reality is apparently more expensive than keeping a company from slowly imploding.
Imagine what MS Live Search must be doing with sensitive corporate info by shooting almost everything a social engineer would need right out to the network/internet. I was actually employed when they "forced" us to use that crappy piece of crap at Bausch and Lomb. Their so digital now they can barely get anything done that used to be done on paper, 8-O <- that's my surprised face, I mean, who could have known? All the kiss-asses that get to give advice to ass-management don't know ANYTHING unless it beeps and sparkles when you click on it and can be put into an awesome power point presentation! The insane thing? Every big company has gone past this point of no return, becuase they have already fired the people who knew how to do it right.
But what the hell do I know? Bastards!
Ha ha ha ha ha ha ha ha ha ha!
I'm not sure whether this is a record or not but it's certainly another reason why no-one with any other viable option should buy anything from MS.
As for the fix breaking network apps. If the apps are reliant upon an undocumented bug which is affecting the security of the OS then the application writers need to be taken out and kicked in the groin for not writing according to published standards. Wait a minute, MS publishing standards? Outlook, Excel... who wrote those again?
"Farce" is the best word I can think of to describe this one.
Paris - because unlike some, the expliots that would have worked on her 7 years ago are no longer viable.