[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Microsuck delaying patch for SMB2 on purpose?

To: "Rohit Patnaik" <quanticle@xxxxxxxxx>, Nick <nick58@xxxxxxxxx>
Subject: Re: [Full-disclosure] Microsuck delaying patch for SMB2 on purpose?
From: Chris <r0ck@xxxxxxxxxxxxx>
Date: Thu, 1 Oct 2009 09:33:17 -0400

 "it seems"...and "I'm pretty sure"

Is this FD or some fantasyland where everybody can just make up shit?

If you don't KNOW and can't CONFIRM (with links or FACTS) then stfu.

  ----- Original Message -----
  From: "Rohit Patnaik"
  To: Nick
  Cc: full-disclosure@xxxxxxxxxxxxxxxxx
  Subject: Re: [Full-disclosure] Microsuck delaying patch for SMB2 on
  purpose?
  Date: Thu, 1 Oct 2009 08:09:22 -0500

  I'm pretty sure that Microsoft has already released a fix for this.
   I know they've patched Vista and Windows 7, and they've decided
  publicly not to backport the fix to Windows XP.
  --Rohit Patnaik

  On Wed, Sep 30, 2009 at 8:34 PM, Nick <nick58@xxxxxxxxx> wrote:

    A new exploit for the _Smb2ValidateProviderCallback() function
    has been released by the same person who created the Denial of
    Service exploit, except this one is able to execute code
    remotely. It seems that ms is sort of delaying the quick fix for
    this exploit. Whats even sadder is that they knew about it when
    they developed windows 7 but didn't care to patch windows vista. 
    If they dont release a patch soon, viruses will be all over the
    internet...

    Exploit code:
    
http://packetstormsecurity.org/filedesc/smb2_negotiate_func_index.rb.txt.html



    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/



  _______________________________________________
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/






-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Microsuck delaying patch for SMB2 on purpose?
Next by Date: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
Previous by thread: Re: [Full-disclosure] Microsuck delaying patch for SMB2 on purpose?
Next by thread: [Full-disclosure] mudos from pcapr.net
Index(es):
- Date
- Thread