Patch after seven and a half years
It took the Microsoft programmers seven and a half years to release a patch covering a hole in the Server Message Block (SMB) protocol. For the first time information about this vulnerability was made public at the Defcon conference as early as 2000. The exploit officially appeared in March 2001. Over the years, the exploit has become widespread and has been used very actively. For example, it was built into the popular hacker program Metasploit.
This vulnerability makes it very easy to take control of a remote computer if it is not protected by a firewall. According to the classification of Microsoft, the vulnerability is considered "important" for Windows XP, 2000 and Server 2003, and also has the status of "moderate" for Vista and Server 2008. However, independent experts unequivocally call this vulnerability critical.
Experts also note that seven and a half years is a very long time to create a patch, an unusually long time even for Microsoft. It is not clear what explains this delay.
This vulnerability makes it very easy to take control of a remote computer if it is not protected by a firewall. According to the classification of Microsoft, the vulnerability is considered "important" for Windows XP, 2000 and Server 2003, and also has the status of "moderate" for Vista and Server 2008. However, independent experts unequivocally call this vulnerability critical.
Experts also note that seven and a half years is a very long time to create a patch, an unusually long time even for Microsoft. It is not clear what explains this delay.
')
Source: https://habr.com/ru/post/44436/
All Articles