Full Disclosure mailing list archives

Re: Microsuck delaying patch for SMB2 on purpose?


From: Rohit Patnaik <quanticle () gmail com>
Date: Thu, 1 Oct 2009 08:09:22 -0500

I'm pretty sure that Microsoft has already released a fix for this.  I know
they've patched Vista and Windows 7, and they've decided publicly not to
backport the fix to Windows XP.
--Rohit Patnaik

On Wed, Sep 30, 2009 at 8:34 PM, Nick <nick58 () gmail com> wrote:

A new exploit for the _Smb2ValidateProviderCallback() function has been
released by the same person who created the Denial of Service exploit,
except this one is able to execute code remotely. It seems that MS is sort
of delaying the quick fix for this exploit. What's even sadder is that they
knew about it when they developed Windows 7 but didn't care to patch Windows
Vista.  If they don't release a patch soon, viruses will be all over the
internet...

Exploit code:
http://packetstormsecurity.org/filedesc/smb2_negotiate_func_index.rb.txt.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
