Vulnerability still exists despite SMB patching

News by Dan Raywood

The response to criticism by Christopher Budd of the MS08-068 patch has been welcomed.

The response to criticism by Christopher Budd of the MS08-068 patch has been welcomed.


Eric Schultze, CTO at Shavlik, said that he was very happy with the response and with Microsoft's actions, but there was still a problem that has been left unaddressed.


Schultze said: “I think he was spot on with his response, he was trying to push this thing through but my issue with this was I was working there back in 2001 and we tried to get it fixed but the Budd office told me that they couldn't.


“Christopher said that they knew about it and if they tried to address and patch it then they could break things, they then said that they don't know how to fix it.


“I guess this began again about a year ago when they tried again to fix it when they realised that they had the capability to do so. Microsoft discovered a way to make their fix work, but my concern is that because they couldn't fix it back in 2001, computers have been sitting vulnerable for over seven years.


“However I can see that there is still one weakness in the overall protocol which they may not be able to fix. Typically a SMBRelay works by me logging on to a machine that has come to my website, a vulnerability still exists by a user coming to my website, and although I can't access that machine I can access any other machine that is networked to it.


“Microsoft has looked at the packet and the variant that still works will mean that machines will still be vulnerable. I believe that the only way to fix this is to use SMB signing, which Budd did not discount.”




Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike