Gladiator Security Forum > Fixed once: old 'fix' introduced SMBv2 flaw

Full Version: Fixed once: old 'fix' introduced SMBv2 flaw

Gladiator Security Forum > Microsoft Corner > Help & Support and information: MS Windows

Chachazz

Sep 19 2009, 04:49 PM

Old patch introduced SMBv2 flaw, says finder
Published: 2009-09-11

"In December 2007, Microsoft patched the file- and printer-sharing functionality in Windows Vista to fix a medium-severity vulnerability. Unfortunately, the company inadvertently added a critical flaw, a security researcher said on Friday.

In an e-mail interview with SecurityFocus, Laurent Gaffié -- the researcher that disclosed a critical flaw in Microsoft's Server Message Block (SMB) version 2 code earlier this week -- said that further research pinpointed the specific patch that added the vulnerability to Windows Vista. The patch, which fixed a remote execution flaw in SMBv2 signing, was rated Important by Microsoft because the vulnerable feature was not turned on by default. The vulnerability that the patch allegedly introduced could allow an attacker to exploit an affected system in its default configuration, which usually merits a Critical rating from Microsoft.

"The only thing I know regarding this 'patching' process is, when they fixed this code, they opened another bigger, worse security issue," Gaffié said in the e-mail interview"....Security Focus

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.