Reply to post: Re: "the SMB server bug is the result of a buffer overflow in Microsoft's code. "

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

HereIAmJH

Re: "the SMB server bug is the result of a buffer overflow in Microsoft's code. "

"Yes, and patched automatically in all supported versions before this happened."

I would be surprised if MS is actually fixing bugs in SMBv1. Windows 7+ and Windows 2008+ support SMBv1, but default to SMBv2. So they don't use the protocol unless the remote forces them to downgrade. The 'fix' that has been around for a while is a registry setting to turn off the SMBv1 protocol, just like we did for SSLv3 (and now the lower TLS versions). Anyone who has done PCI scans has seen this working through the system for a while.
