MS patch Tuesday includes fix for seven-year old itch
Print storyBetter late than never
Posted in Enterprise Security, 12th November 2008 12:31 GMT
Free whitepaper – Extended Validation SSL Certificates
Microsoft's light sprinkling of patches yesterday includes a fix that reportedly goes back seven years or more.
Tuesday brought updates from Microsoft for a critical flaw in XML core services, which might allow memory corruption and code execution, and a flaw in SMB (Server Message Block). SMB is code which allows file shares over a network, and Microsoft labels the flaw as "important" but security watchers at the Internet Storm Centre give it a more severe "critical" prognosis.
Microsoft acknowledges that tools such as Metasploit have been able to carry out an attack based on the SMB vulnerability without saying how long the flaw has been around.
According to Metasploit, the flaw was first demonstrated by Sir Dystic at a hacking conference in 2001. Tests for the vulnerability have been available since July 2007, it adds.
Flaws in the NTLM Authentication flaw that's the subject of the patch were demonstrated at Defcon as far back as 2000, by Christian Rioux of Veracode (AKA dildog), according to BugTraq postings.
It's unclear why it took so long for Microsoft to fix the flaw.
A fuller explanation of both vulnerabilities that are the topic of this month's patch batch can be found in Microsoft's summary here or a more readable overview from the Internet Storm Centre here. ®
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
The business case for application security
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Server-gated cryptography
Airport insecurity: the case of lost laptops
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive