Microsoft to Issue Emergency Patch For File-Sharing Hole

timothy posted more than 5 years ago | from the safest-version-of-windows-ever dept.

Windows 348

An anonymous reader writes "Microsoft said late Wednesday that it plans to release a critical security update today to plug a security hole present in all supported versions of Windows. The company hasn't released any details about the patch yet, which is expected to be pushed out at 1 p.m. PT. Normally, Redmond issues security updates on Patch Tuesday, the second Tuesday of each month. The Washington Post's Security Fix blog notes that each of the three times in the past that Microsoft has departed from its patch cycle, it was to fix some really nasty vulnerability that criminals already were exploiting to break into Windows PCs." Reader filenavigator points out an article which describes the hole as an SMB vulnerability, and says it "allows anyone to access a Windows machine remotely without any user name or password. Any machine that exposes Windows file sharing is vulnerable." Update: 10/23 17:42 GMT by T : Reader AngryDad adds a link to Microsoft's more detailed memo.

348 comments

Cool (0, Troll)

KasperMeerts (1305097) | more than 5 years ago | (#25484241)

Gonna try this one out on the College Network right now. Shouldn't be using Windows if they don't want all their files deleted now should they?

Re:Cool (5, Funny)

iztehsux (1339985) | more than 5 years ago | (#25484279)

Still got plenty of time before this afternoon to turn your college campus into a botnet!

Re:Cool (4, Insightful)

Ethanol-fueled (1125189) | more than 5 years ago | (#25484385)

Don't worry, the NSA and the RBN have plenty of Windows Backdoors(tm) left to use.

Samba Interoperability? (2, Funny)

Philip K Dickhead (906971) | more than 5 years ago | (#25484407)

Why patch? Looks like they went a long way to achieve this [slashdot.org] already!

Re:Cool (1)

nurb432 (527695) | more than 5 years ago | (#25484831)

Considering how many people run unpatched, I don't think there is any hurry.

Re:Cool (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25484933)

Originally read that as "Still got plenty of time before this afternoon to turn your college campus into a brothel!" Sounds like much more fun, really.

This is why... (4, Funny)

TrippTDF (513419) | more than 5 years ago | (#25484243)

...I don't use computers. They are too much of a security risk.

Re:This is why... (1, Funny)

TheNecromancer (179644) | more than 5 years ago | (#25484259)

If you don't use computers, how did you post on /.?

Re:This is why... (4, Funny)

TrippTDF (513419) | more than 5 years ago | (#25484283)

I don't.

Re:This is why... (3, Funny)

bradkittenbrink (608877) | more than 5 years ago | (#25484399)

then I think somebody may have hacked your account...

Re:This is why... (5, Funny)

Lord Pillage (815466) | more than 5 years ago | (#25484551)

Weren't you listening? He doesn't use computers therefore he doesn't have an account! Some people just don't get the logic in that...

Re:This is why... (4, Funny)

The Gaytriot (1254048) | more than 5 years ago | (#25484369)

Who are you replying to?

Re:This is why... (5, Funny)

Anonymous Coward | more than 5 years ago | (#25484401)

Simple: Call up your ISP and make the correct noises. Real men don't use modems.

Re:This is why... (4, Funny)

_Sprocket_ (42527) | more than 5 years ago | (#25484687)

Simple: Call up your ISP and make the correct noises. Real men don't use modems.

Whistling in to a phone?! REAL men use butterflies [xkcd.com] .

Re:This is why... (1)

phedre (1125345) | more than 5 years ago | (#25484597)

Perhaps he just whistles the proper tones into his phone. So if he makes a lot of typos, it's probably understandable..

Re:This is why... (2, Funny)

LearnToSpell (694184) | more than 5 years ago | (#25485031)

Must be a lot of people doing that around here...

Re:This is why... (2, Funny)

Ngarrang (1023425) | more than 5 years ago | (#25484719)

If you don't use computers, how did you post on /.?

Maybe he was dictating his response to someone who does have aaaaaaaaa...

Re:This is why... (1, Redundant)

MikeDirnt69 (1105185) | more than 5 years ago | (#25484915)

If you don't use computers, how did you post on /.?

Typewriter.

Let's hope (5, Funny)

cnettel (836611) | more than 5 years ago | (#25484267)

Let's hope that the renewed Samba compatibility effort by MS means that this bug will be ported over.

Re:Let's hope (5, Interesting)

Anonymous Coward | more than 5 years ago | (#25484459)

It was probably the shared Samba experience that gave them the idea on how to fix the bug.

I don't understand how the bug works, but I know one has been around. You can find hack tools for script kiddies out there that will exploit this automagically for people. I have even used it in the past to get some files from a computer that no one knew the password to and the key to the server room was broken off in the lock making physical access impossible until a locksmith was available.

Thankfully, the old tech (who broke the lock on his way out after resetting everyone's password) kept all the passwords in scripts that I could recover and use to change passwords to something usable. The owner of the company wanted me to testify in court to the old tech's actions and even offered me a permanent contract, I told him all I wanted was a check, I don't want anything to do with a company that pissed their old tech off that bad after 5 years of service.

Re:Let's hope (1)

kesuki (321456) | more than 5 years ago | (#25484769)

and they modded me +5 funny for 'it's a feature' http://it.slashdot.org/comments.pl?sid=130544&cid=10893558 [slashdot.org] when smbfs (now samba) had a remote execution of attacker supplied code bug.

i am so proved right.

Maybe.. (2, Funny)

cirrustelecom (1353617) | more than 5 years ago | (#25484281)

At least they didn't describe it as a MAC vulnerability

Damn Fossies (2, Funny)

Ynot_82 (1023749) | more than 5 years ago | (#25484289)

Those damn FOSSies can gain access to SMB shares
Quick, patch it....

More info already posted... (4, Informative)

Spazholio (314843) | more than 5 years ago | (#25484315)

Useless Windows Update (4, Interesting)

Jabbrwokk (1015725) | more than 5 years ago | (#25484523)

Why hasn't this been caught in the 3,000 previous security issues patched for Windows? It seems like kind of a biggie. In that list you linked to (thank you) it's present in all service packs for XP (the only Windows I use).

I don't have any of the affected services enabled so it doesn't affect me, but I think a lot of that stuff is on or can be easily activated by default.

Again, why did it take so long to catch this one? The tinfoil hat backdoor NSA spook theories seem almost believable.

Re:Useless Windows Update (1)

jonbryce (703250) | more than 5 years ago | (#25484689)

Most people block port 139 at the firewall, so it shouldn't be an issue.

Re:Useless Windows Update (3, Insightful)

dave562 (969951) | more than 5 years ago | (#25484875)

Shouldn't be an issue? What world are you living in? What happens when it gets crafted into an email or web exploit and someone inside the perimeter visits SeeMyBoobs.com and their now zombied desktop owns your servers?

Re:Useless Windows Update (1)

kitgerrits (1034262) | more than 5 years ago | (#25484943)

From TFA:
The vulnerability lies with the Windows Server service, and more specifically with Microsoft's implementation of "remote procedure call" (RPC),
a communications technology deeply embedded in the Windows operating system that allows a program to execute another process on a remote system.

From the looks of it, simply blocking SMB won't do the trick.
Remember Blaster? That was also a RPC trick.
Killing the RPC service might work, but you'd be surprised at how Windows reacts to that.
(hint: shutdown -a is your friend)

Critical vs Important (1, Interesting)

TheNinjaroach (878876) | more than 5 years ago | (#25484655)

I notice on that page that the aggregate security rating is listed as 'Critical' for all versions of Windows up to Vista. All of the Vista and Server 2008 security ratings are listed as 'Important' even though they still allow for remote code execution..

Has Microsoft watered down the wording of 'Critical' to 'Important' simply to make newer versions of their OS sound like they are more secure?

Re:Critical vs Important (5, Informative)

quantumplacet (1195335) | more than 5 years ago | (#25484717)

No, if you RTFA article, on newer versions the overflow will still work, but require authentication, making it Important. On older versions the exploit can work with no authentication making it Critical. Microsoft has always used this labeling convention for patches.

Re:Critical vs Important (5, Funny)

Narnie (1349029) | more than 5 years ago | (#25484731)

The difference between XP and Vista will be a little pop up on Vista that will ask you if you want to run the RCP exploit n@5Ty.tr0g1n

Re:Critical vs Important (1)

residieu (577863) | more than 5 years ago | (#25485019)

Well, duh. Of course I do. That's that porn movie with all the "actors" in bad greek costumes, right?

Re:Critical vs Important (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25485077)

To which all Vista users, now well trained in clicking OK to UAC messages without reading them, will click OK once again and the exploit will continue on its merry way!

Re:Critical vs Important (1)

dedazo (737510) | more than 5 years ago | (#25484995)

No, because those require authentication for the exploit to work.

They don't "sound" like they're more secure, they are. At least in this particular context.

FREEOWW!!! (2, Interesting)

mcgrew (92797) | more than 5 years ago | (#25484393)

allows anyone to access a Windows machine remotely without any user name or password. Any machine that exposes Windows file sharing is vulnerable

Yet this comment [slashdot.org] in the "Can You Trust Anti-virus Rankings?" thread, where I noted that a dual boot with internet for linux and with networking disabled in Windows was better than AV was modded down. Of course, a lot of MSCEs and Microsoft employees come to slashdot, and I'm sure a few get mod points once in a while. No matter, my karma's fine.

And yes, kiddies, you DO need a firewall for ANY OS and any OS is prone to trojans. But no AV will protect you against an unknown trojan OR the vuln mentioned in TFA, and no firewall will keep out someone you explicitly let in.

<tinfoil hat>
Some might wonder if this vuln was introduced on purpose as a weapon against the Pirate Bay? You can bet that a lot of people are uninstalling Kazaa, Morpheus, and all other legit and illegit P2P apps. Getting rid of P2P is a blow against FOSS and indie music.

Re:FREEOWW!!! (2, Funny)

flyingfsck (986395) | more than 5 years ago | (#25484509)

"Any OS must be behind a firewall" - So do you put your firewall behind a firewall?

Re:FREEOWW!!! (5, Funny)

Anonymous Coward | more than 5 years ago | (#25485007)

It's firewalls all the way down.

Re:FREEOWW!!! (1)

GlassHammer (1336191) | more than 5 years ago | (#25484545)

That's funny, my home setup is dual boot Linux (Fedora) and Windows XP. Linux can connect to the internet and Windows can't. Seems to work fine for me.

Re:FREEOWW!!! (1, Informative)

Anonymous Coward | more than 5 years ago | (#25484567)

This is a problem with filesharing over local networks using SMB. Not P2P transfers. This has nothing to do with piracy.

Re:FREEOWW!!! (-1, Flamebait)

einer (459199) | more than 5 years ago | (#25484619)

I don't have any modpoints, but I do have karma to burn. You're a dipshit. Stop typing.

Re:FREEOWW!!! (0, Flamebait)

Zironic (1112127) | more than 5 years ago | (#25484647)

windows file sharing has to my knowledge absolutely nothing to do with any P2P program.

Re:FREEOWW!!! (1)

hplus (1310833) | more than 5 years ago | (#25484757)

Disclaimer: I don't think that the tinfoil hatter is correct that this is in any way designed to combat piracy. Since you are posting on /., your technical knowledge is obviously higher than the average person's. Thus, whether or not SMB has anything to do with P2P to your knowledge is irrelevant. The important thing is if they are related in the mind of the average computer user, whose kid pirates the occasional album/movie.

The public doesn't know that (1)

tepples (727027) | more than 5 years ago | (#25484941)

windows file sharing has to my knowledge absolutely nothing to do with any P2P program.

True, which is why I tagged the article !p2p, but the public doesn't know that. The news media, owned by the proprietary entertainment industry, have associated "file sharing" with programs such as LimeWire, eMule, and BitTorrent.

Re:FREEOWW!!! (1)

rootofevil (188401) | more than 5 years ago | (#25485043)

there was an old one, back in 2000-ish that had a web interface, and downloads were basically just copying from other open windows shares. can't remember what the name of it was though.

Re:FREEOWW!!! (1)

truthsearch (249536) | more than 5 years ago | (#25484659)

At my office we have a few Windows computers just for testing. Those dedicated machines, connected to the internet and with anti-virus, have had a fair amount of issues (suspicious background processes, excessive network usage, etc.). I test with Windows running inside of Parallels, typically only "networking" to localhost, and my copy with no anti-virus has had no problems at all.

So I completely agree with you... even if your post has already been modded flamebait.

i want to see a worm (0)

Anonymous Coward | more than 5 years ago | (#25484437)

please, code it fast!!!, and make it as nasty as you can.

windows (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#25484461)

is still better than OSX

Re:windows (0)

Anonymous Coward | more than 5 years ago | (#25484693)

no seriously, it is!

Pretty serious (5, Informative)

IceCreamGuy (904648) | more than 5 years ago | (#25484483)

I first saw this a couple days ago on the CERT bulletin, http://www.us-cert.gov/cas/bulletins/SB08-294.html [us-cert.gov] , and http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4038 [nist.gov] , most serious vulnerability I've ever seen up there:

Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

In other words: any idiot on your network can gain admin access to any attached Windows-based system with file-sharing enabled. I'm really glad that they're releasing an emergency patch for this, because that's a pretty fucking crazy description of an exploit, especially since it affects all versions of their last 10 years of operating systems.

Re:Pretty serious (0)

Anonymous Coward | more than 5 years ago | (#25484711)

Actually that was a different (though similar) vulnerability it looks like. They linked to http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx [microsoft.com] but this is MS08-067.

Re:Pretty serious (1)

IceCreamGuy (904648) | more than 5 years ago | (#25484937)

MS08-067 is an RPC vulnerability, and is indeed linked to in the summary as of the most recent update. However, the summary also states that it is an SMB vulnerability, which is MS08-063. I think one of the updates in the summary is talking about the wrong vulnerability, since they really aren't that similar. It appears from this article [intelliadmin.com] , though, that they are actually releasing the emergency patch for the SMB exploit in MS08-063, not the RPC vulnerability.

Re:Pretty serious (1)

networkzombie (921324) | more than 5 years ago | (#25484881)

Re:Pretty serious (2, Informative)

IceCreamGuy (904648) | more than 5 years ago | (#25484967)

Dude, you have to use the "static link" on the NIST page for that to work...

Re:Pretty serious (4, Informative)

Lord Ender (156273) | more than 5 years ago | (#25484935)

That's not the scary part. The scary part is that this can be made into a worm which uses a service which is installed by default on almost every windows system, and does not require user interaction to exploit. It's the perfect worm-bait. It's like a von neumann machine near the galactic core.

Re:Pretty serious (2, Informative)

secPM_MS (1081961) | more than 5 years ago | (#25485061)

Actually, it is rather more like the Zotob vuln than the Blaster vuln. It is a crit on earlier systems, but requires authenticated privileges on Vista and 2K8 server due to the implementation of the integrity level defenses in Vista and 2K8. That said, the potential for damage with this vulnerability is high and there were reports of attacks in the wild. Thus, Microsoft released out of the standard release cycle.

Does this mean . . . (4, Funny)

arizwebfoot (1228544) | more than 5 years ago | (#25484505)

I need to dust of my IMB Selectric III?

Re:Does this mean . . . (4, Insightful)

Akardam (186995) | more than 5 years ago | (#25484771)

Perhaps if you're going to do that you might want to dust off your typing skills, as well...

Re:Does this mean . . . (1)

arizwebfoot (1228544) | more than 5 years ago | (#25484855)

What's wrong with my Selectric III?

Re:Does this mean . . . (0)

Anonymous Coward | more than 5 years ago | (#25484931)

What's wrong with a Selectric III, I've had a I, a II, and a III? Heavy as boat anchors.

Re:Does this mean . . . (1)

TinFoilMan (1371973) | more than 5 years ago | (#25485083)

I've had a Selectric III as well, loved being able to change out the font balls.

135 (3, Insightful)

Zebra_X (13249) | more than 5 years ago | (#25484507)

Has been windows' stink hole for the last 10 years. Let's hope that most people have learned they need to cover it up.

When is enough, enough? (2, Insightful)

ryanw (131814) | more than 5 years ago | (#25484543)

Microsoft has had something like this occur regularly enough that I found myself already skipping to the next story without even reading the complete heading.

I still cannot understand why major corporations run Windows of any version in enterprise server farms. They've had so many warning signs, so many high security breaches, so many alarms, and they're still very "ho-hum" about it.

If you read the post slowly and actually acknowledge what it says, it's saying that ever since the incarnation of Windows elite hackers from Russia (or anywhere else) have been able to steal files on any machine with no problem. The underground top hackers have exploits that they guard with top secrecy and keep in their box of tricks when nothing else "known" is working.

Come on, seriously! No other product provider on the planet would be allowed such leniency. Microsoft never feels any repercussions of any of these incredible security holes. They don't even lose business over it! When is enough, enough????

Security administration? (0)

tjstork (137384) | more than 5 years ago | (#25484669)

I know f--- at all about linux security but is there something for it that works like AD. i mean, managing a user list on one linux box is pretty easy but how do you handle permissions for thousands of users on hundreds of servers?

Re:Security administration? (1)

vsync64 (155958) | more than 5 years ago | (#25484805)

NIS, but it's kind of old and screwy. Nowadays you can hook things into LDAP if you want.

Re:Security administration? (3, Informative)

gbjbaanb (229885) | more than 5 years ago | (#25484839)

do a search for LDAP.

Here's a comparison [daasi.de] of some options:
IBM SecureWay Directory,
Messaging Direct M-Vault,
Microsoft Active Directory,
Netscape Directory Server,
Novell eDirectory,
OpenLDAP.

Re:Security administration? (1)

Maguscrowley (1291130) | more than 5 years ago | (#25484913)

Just because your platform has not been subject to as many high profile attacks, does not mean that it is so obscure that you can feel safe. If you run a browser, and think that you are immune under the assumption that malicious code is platform dependent, then you are sadly mistaken.

In addition, the biggest concern here is for business users that want to keep servers safe. I am unaware of any OSX enterprise servers out there.

Finally, remember that OSX is UNIX and hence some exploits may still work.

Re:Security administration? (1)

Maguscrowley (1291130) | more than 5 years ago | (#25485003)

Damn it, I meant to reply to the person below me. I fail it *shame*

Re:Security administration? (0)

Anonymous Coward | more than 5 years ago | (#25484927)

ldap + pam

Re:Security administration? (1)

blueskies (525815) | more than 5 years ago | (#25485013)

Are you asking if there is something like LDAP of which AD is composed of that runs on Linux boxes?

Re:When is enough, enough? (0)

Zironic (1112127) | more than 5 years ago | (#25484713)

It's as easy as you think to break into an arbitrary windows machine. If it was then every machine on the planet would be a zombie and they're obviously not. Get rid of your tin foil hat.

Re:When is enough, enough? (2, Insightful)

Arainach (906420) | more than 5 years ago | (#25484903)

Do you really believe that nothing like this exists on Mac or Linux? Not necessarily this specific exploit, but something of this severity. Neither Apple nor the various Linux/OSS developers have anywhere near the testing unit that Microsoft has to uncover these flaws, nor do they have anywhere near the level of real-world users testing their software. It's not possible to write software of this level and complexity 100% bug-free. It's a matter of how much time and testing it takes to find such bugs.

Re:When is enough, enough? (1)

Ender Wiggin 77 (865636) | more than 5 years ago | (#25484909)

Seems to me any machines in an "enterprise server farm" would be firewalled. Certainly any machines in a data center worth its salt would be firewalled and thus not accepting connections on the port being exploited here. I think the bigger threat here is workstations exploiting workstations at enterprise. Even home users are probably ok with basic firewalling.

Re:When is enough, enough? (5, Insightful)

jschottm (317343) | more than 5 years ago | (#25485081)

Microsoft has had something like this occur regularly enough that I found myself already skipping to the next story without even reading the complete heading.

Not any more they don't. This is the first major exploit for MS in several years that will enable trivial worm creation. The last notable one was Zotob in 2005, which was really comparatively minor - the last really big one was Sasser in 2004. Thus, this is important news.

If you read the post slowly and actually acknowledge what it says, it's saying that ever since the incarnation of Windows elite hackers from Russia (or anywhere else) have been able to steal files on any machine with no problem.

The same thing can be said about OpenSSL, BIND, Apache, Sendmail, Samba, and pretty much every major piece of software.

The underground top hackers have exploits that they guard with top secrecy and keep in their box of tricks when nothing else "known" is working.

That's why people who need to worry about top hackers also need to worry about defense in depth.

I still cannot understand why major corporations run Windows of any version in enterprise server farms.

Because it's non-trivial to completely switch platforms. Windows gained the desktop and office software marketshare and whether you think that MS did bad things to get there is irrelevant. Computers are simply a tool to most businesses. If the vast majority of the business software you need as a tool runs on one platform, you use that platform. And you develop your specific tools, generally for that platform. Thus, to support the desktop systems, you get the servers that support them.

And while I don't use them, the integration of the server, database, and programming environment that Microsoft provides is an incredibly good value proposition for some companies. Other than perhaps IBM, no one else can offer that level of coordination for development and server tools.

Microsoft never feels any repercussions of any of these incredible security holes. They don't even lose business over it!

Microsoft has invested heavily in improving their security. Vista is a far more secure piece of software than XP was. And MS has lost business over it - that's part of why Linux and OS X have been able to penetrate the professional and home computer worlds.

I am not a Microsoft fan but your statements don't really add anything to the dialog. Mindless MS bashing does no good.

Re:When is enough, enough? (1)

dave562 (969951) | more than 5 years ago | (#25485129)

Enough will be enough when there are viable alternatives for ALL of the functionality that Windows provides. ALL might be a bit of a stretch but not too much of one. The OSS world continues chugging along but if you look closely they are spending a lot of time recreating the wheel, or improving the wheel in ways that don't change the fact that it is still a wheel... a wheel that has been spinning for a while on the Microsoft platform. You can whine about how Microsoft sucks all day long but the harsh reality is that there are too many applications that rely on it to simply dump it.

As an example I work at a non-profit. We have a membership/fundraising application that tracks all of the development activity for the organization. That package ties into the accounting system so that as funds are raised and budgets are projected and what have you the systems interact with each other. Another component ties into the ticketing system so that when members come to visit the box office their account details are available. Did I mention the online component that allows membership renewals and ticket sales? It sure the hell isn't running on *nix. Now that isn't because a similar program can't be written for *nix. It simply hasn't been done yet. But hey... maybe one day, all of these super duper bad Microsoft security holes will pile up to the point where there are hundreds of non-profits out there looking to come up with a million or so dollars to completely rip out their Windows foundation and replace it with a super, duper, ooper better Linux way of doing things.

Until the cost of sticking with the status quo significantly outweighs the cost of switching to something else, the status quo will remain. Despite the flaws, Microsoft does keep getting better, although it often times seems like a one step forward, two steps back process (got Vista?). Look at this latest exploit. On Vista and Server 2008 the exploit doesn't work without popping up a warning dialogue. Obviously some group at Microsoft is forward thinking to have realized the potential for badness. If they hadn't, the dialogue box wouldn't pop up.

Re:When is enough, enough? (0)

Anonymous Coward | more than 5 years ago | (#25485143)

Samba has had plenty of security vulnerabilities, nubbins. Unfortunately, that's not news as Samba isn't anywhere near as popular.

I'm glad I'm on a Mac (0)

Anonymous Coward | more than 5 years ago | (#25484577)

I'm glad I am on OS X. No need to worry about the security hole of the minute compared to what goes on with the Linux and Windows boxes.

Re:I'm glad I'm on a Mac (0)

Anonymous Coward | more than 5 years ago | (#25484853)

I'm glad to have a 40 dollar router with a built in firewall so that I don't have to compromise what apps I run and not have to pay the Apple tax.

Re:I'm glad I'm on a Mac (0)

Anonymous Coward | more than 5 years ago | (#25484883)

better hope that your market penetration doesn't rise over 3% or you will become a target too

Re:I'm glad I'm on a Mac (0)

Anonymous Coward | more than 5 years ago | (#25484973)

Right! The only holes we mac users have to worry about are the ones with cocks stuffed in them.

Is file sharing even open across most networks? (1)

Darth_brooks (180756) | more than 5 years ago | (#25484627)

It's been years since I've tried, but doesn't SMB get dropped by some / all of the major residential carriers at this point? I know AT&T was dropping port 139 last time I tried leaving a machine wide open and exposed.

It's a nasty vulnerability and all, I'm just wondering if this could go all blaster / sasser.

Re:Is file sharing even open across most networks? (1)

Shadow-isoHunt (1014539) | more than 5 years ago | (#25484745)

Current IP filters on DOCSIS(cable) networks are actually outbound filters done at the modem which can be turned off if you've got an uncapped modem. I haven't seen any inbound filters on any DOCSIS networks(I've looked at Cox, Comcast, RR, and Charter) on 135/139.

Re:Is file sharing even open across most networks? (1)

eli867 (300724) | more than 5 years ago | (#25484939)

Yeah, but all it takes is ONE person to run an email attachment (or exploit some other hole) and then it's on every computer on the LAN

How about us behind routers? (1)

UncleMantis (933076) | more than 5 years ago | (#25484747)

Does this affect us behind routers on a home network?

Sounds like a bad one (5, Interesting)

Drakkenmensch (1255800) | more than 5 years ago | (#25484753)

You know that a vulnerability is bad when Microsoft goes out of its regular patching cycle to hurry and plug the hole so quickly, instead of following their usual philosophy of saying "What are you talking about? There is no security hole in Windows!" and quietly patching it a few months later amidst a flood of innocuous driver updates.

Re:Sounds like a bad one (1)

pm_rat_poison (1295589) | more than 5 years ago | (#25485021)

Of course. Windows Genuine Advantage

Re:Sounds like a bad one (0)

Anonymous Coward | more than 5 years ago | (#25485075)

"What are you talking about? There is no security hole in [insert apple product]!" is the usual apple philosophy, not the microsoft one

Wow! (1)

Skiron (735617) | more than 5 years ago | (#25484759)

And you Winders users - please DON'T forget to REBOOT after you apply this security patch (with no doubt extra luggage attached)!

I can see 5% of the Internet blinking on/off/on/off..... {6 hours}.... on again tonight.

Re:Wow! (0)

Anonymous Coward | more than 5 years ago | (#25484953)

That 30 second reboot's going to be too much for me to take; I'm installing Ubuntu!

Critical on XP - Important on Vista (0)

Anonymous Coward | more than 5 years ago | (#25484795)

The patch is critical on XP but only important on Vista - see Vista is MUCH more secure.

What d'ya say? You suggesting that marketing may impact a security decision? Them's fighting words...

Re:Critical on XP - Important on Vista (0)

Anonymous Coward | more than 5 years ago | (#25484885)

Because on Vista you get a prompt: "Your computer is being hacked. Cancel or Allow?"

swiss cheese (1)

nurb432 (527695) | more than 5 years ago | (#25484817)

Windows, it is.

Well of COURSE they are releasing Monday (1)

davidsyes (765062) | more than 5 years ago | (#25484821)

this time.... They are tired of having "Super Tuesday" associations...

Work around? (0, Flamebait)

slashkitty (21637) | more than 5 years ago | (#25484825)

Is to just turn off file and print sharing? Why don't they share that bit of info with us? Who would enable file sharing on windows anyway?

Re:Work around? (1)

JohnnyKlunk (568221) | more than 5 years ago | (#25485141)

Somebody with file/print servers.

Known about this for years (3, Funny)

xombo (628858) | more than 5 years ago | (#25484841)

My friends and I have known about this hole since high school. Every version of Windows with SMB has underlying, invisible, "root" accounts which cannot be removed without a great deal of diligence. These accounts have no password and give full access to the SMB share. I'm shocked that it has taken Microsoft this long to address the issue.

Re:Known about this for years (2, Funny)

eli867 (300724) | more than 5 years ago | (#25484957)

Buffer underrun permitting arbitrary code execution != "invisible root account"

You don't know what you're talking about.

Hello... (1)

ThePromenader (878501) | more than 5 years ago | (#25484905)

I find it more than a bit ironic that the /. story two down from this one is titled "Microsoft Working For Samba Interoperability".

Webcast (1)

mungewell (149275) | more than 5 years ago | (#25485001)

We are sorry, due to the popularity of this event, registration is now full. Please search for another event.

figures.....

PoC (0)

Anonymous Coward | more than 5 years ago | (#25485063)

Anyone know if a PoC has been released yet?
