Nov 17

I was reading through a bunch of past articles and came across one about Microsoft patching an SMB security flaw from 7 years ago. Normally this wouldn’t concern me a lot for a couple of reasons:

1) There’s a lot of security holes that are less critical or never get exploited and so companies take a while to patch them. I’m not saying that’s a good thing – just that it happens.

2) I’m a big believer that people in glass houses shouldn’t throw stones. I work for a software company, and as long as your software is running there could be a security issue. That’s just the nature of complex pieces of software. I don’t like to point out others’ vulnerabilities because it will just circle back around to hit me again.

With that said, this one sort of shocked me. A long time ago I used to do security audits for a living while working for a VAR. One of the very first things I’d do is crack out a tool that exploited the SMB issue referred to in the article to grab the SAM and thus a bunch of great passwords (including Domain Admin). It usually took all of about 5 minutes and worked every time. There are dozens of hacker tools out there on the web that include this exploit. This brings up the question of why Microsoft waited this long to fix a hole exploited by the #1 tool in my arsenal.

I haven’t done any audits in the past 6 1/2 years, so maybe this little trick just stopped being used. Maybe people didn’t like the fact that you had to be on the network behind the firewall in order to use this attack. At schools and universities this just meant jacking in at the library or something. For corporations I would usually just set up some fake meeting during lunch, miss the person I was meeting with, and wait for them in a conference room – again behind the firewall. The point is you can’t always trust that something is protected just because it’s behind a firewall, so it really shocks me that this vulnerability is just getting patched.

Hoff, if you’re out there and reading, or any other security-minded people, please let me know what was up with this one.


  • Thanks for posting that, Fabian! That explains a lot. What I really do like is the fact that Microsoft stuck with it all of these years. They could have just said "I think people forgot about that so let's just let it fall completely off the radar". Instead they did the right thing and gradually got to a point where they could fix it. That speaks pretty highly of the security team over there.

    I knew about the SMB signing fix, but that wasn't feasible in so many networks and broke a lot of apps. I'm glad there's finally a fix that doesn't break things. Thanks again for bringing the post to my attention.
  • Fabian Bader
    Hi Mike,

    There seems to be an official answer to this question.
    Take a look at this post http://blogs.technet.com/msrc/archive/2008/11/1...