Microsoft has promised to patch a serious flaw in newer versions of its Windows operating system after hackers released exploit code that allows them to take complete control of the underlying machines.
The flaw, which affects various versions of Windows Vista, 2008, and the release candidate version of Windows 7, resides in the implementation of a network file sharing technology known as SMB, or server message block. The bug, which fails to adequately parse network negotiation requests, was previously believed only to generate a debilitating blue screen of death, but on Tuesday, Microsoft confirmed in some cases it could also be used to remotely execute malicious code on vulnerable machines.
Ovo je tragicno - SMB (iliti MSFT-ova tehnologija za deljenje drajvova i printera) je toliko busan da je to najveci izvor kriticnih bagova u Windows-ima vec vise od deceniju. Setimo se Nimda crva kao i bezbroj kriticnih propusta koji su dolazili od cuvenog porta 135 (SMB)
Ocigledno je da SMB u Microsoftu niko ne odrzava osim kada neko drugi prijavi kriticni bag.
Ovu tehnologiju bi ili trebalo zabraniti (hvala bogu pa su zablokirali SMB port na firewall-u po defaultu na internet konekcijama) ili bi Microsoft trebalo prisiliti da ceo SMB makne lepo u user-space.
Drzati ovakvo minsko polje u kernelu moze samo da steti svima.
Mozda bi bilo najbolje da Microsoft lepo licencira Sambu i drzi je kao servis sa ogranicenim pravima u user-modu.
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey