Microsoft to Issue Emergency Patch For File-Sharing Hole
An anonymous reader writes "Microsoft said late Wednesday that it plans to release a critical security update today to plug a security hole present in all supported versions of Windows. The company hasn't released any details about the patch yet, which is expected to be pushed out at 1 p.m. PT. Normally, Redmond issues security updates on Patch Tuesday, the second Tuesday of each month. The Washington Post's Security Fix blog notes that each of the three times in the past that Microsoft has departed from its patch cycle, it was to fix some really nasty vulnerability that criminals already were exploiting to break into Windows PCs."
Reader filenavigator points out an article which describes the hole as an SMB vulnerability, and says it "allows anyone to access a Windows machine remotely without any user name or password. Any machine that exposes Windows file sharing is vulnerable." Update: 10/23 17:42 GMT by T : Reader AngryDad adds a link to Microsoft's more detailed memo.
More info already posted... (Score:5, Informative)
Pretty serious (Score:5, Informative)
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service
In other words: any idiot on your network can gain admin access to any attached Windows-based system with file-sharing enabled. I'm really glad that they're releasing an emergency patch for this, because that's a pretty fucking crazy description of an exploit, especially since it affects all versions of their last 10 years of operating systems.
Re:FREEOWW!!! (Score:1, Informative)
This is a problem with filesharing over local networks using SMB. Not P2P transfers. This has nothing to do with piracy.
Re:Critical vs Important (Score:5, Informative)
No, if you RTFA article, on newer versions the overflow will still work, but require authentication, making it Important. On older versions the exploit can work with no authentication making it Critical. Microsoft has always used this labeling convention for patches.
Re:Security administration? (Score:4, Informative)
Do a search for LDAP.
Here's a comparison [daasi.de] of some options:
IBM SecureWay Directory,
Messaging Direct M-Vault,
Microsoft Active Directory,
Netscape Directory Server,
Novell eDirectory,
OpenLDAP.
Re:Pretty serious (Score:5, Informative)
That's not the scary part. The scary part is that this can be made into a worm which uses a service which is installed by default on almost every Windows system, and does not require user interaction to exploit. It's the perfect worm-bait. It's like a von Neumann machine near the galactic core.
Re:Pretty serious (Score:3, Informative)
Re:Pretty serious (Score:3, Informative)
Actually, it is rather more like the Zotob vuln than the Blaster vuln. It is a crit on earlier systems, but requires authenticated privileges on Vista and 2K8 server due to the implementation of the integrity level defenses in Vista and 2K8. That said, the potential for damage with this vulnerability is high and there were reports of attacks in the wild. Thus, Microsoft released out of the standard release cycle.
Re:When is enough, enough? (Score:3, Informative)
Not any more they don't. This is the first major exploit that I know about for MS in several years that will enable trivial worm creation.
There, fixed it for you.
Re:When is enough, enough? (Score:3, Informative)
This is the first major exploit for MS in several years that will enable trivial worm creation.
I believe the second definition [reference.com] is the relevant one. If an exploit is trivial - any moderately skilled script kiddy can create a worm and it's been added to metasploit, it is by definition known.
Re:When is enough, enough? (Score:1, Informative)
You obviously haven't been paying attention to CVEs lately; Windows has had a whole slew of serious, remote "root"-holes lately.
For example, take a peek at some from this bulletin: http://www.us-cert.gov/cas/bulletins/SB08-294.html
This for example: http://web.nvd.nist.gov/view/vuln/detail?execution=e3s1
"Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service"
They might have gotten better, but not as much as you would like to think.
Re:Useless Windows Update (Score:5, Informative)
Explanation of how the exploit slipped through [msdn.com]
Re:No Fcking update is downloadable for it. (Score:3, Informative)
As you appear to need severe help; here; but next time read the KB article, it tells you alternative locations to download from, including the Update Catalog Site [microsoft.com] which even uses a shopping basket metaphor. Errr. If you're using IE.
Windows 2000 SP4: http://www.microsoft.com/downloads/de...=E22EB3AE-1295-4FE2-9775-6F43C5C2AED3 [microsoft.com]
Windows XP SP2: http://www.microsoft.com/downloads/de...=0D5F9B6E-9265-44B9-A376-2067B73D6A03 [microsoft.com]
Windows XP SP3: http://www.microsoft.com/downloads/de...=0D5F9B6E-9265-44B9-A376-2067B73D6A03 [microsoft.com]
Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/de...=4C16A372-7BF8-4571-B982-DAC6B2992B25 [microsoft.com]
Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/de...=4C16A372-7BF8-4571-B982-DAC6B2992B25 [microsoft.com]
Windows Server 2003 SP1: http://www.microsoft.com/downloads/de...=F26D395D-2459-4E40-8C92-3DE1C52C390D [microsoft.com]
Windows Server 2003 SP2: http://www.microsoft.com/downloads/de...=F26D395D-2459-4E40-8C92-3DE1C52C390D [microsoft.com]
Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/de...=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400 [microsoft.com]
Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/de...=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400 [microsoft.com]
Windows Server 2003 with SP1 for Itanium-based Systems: http://www.microsoft.com/downloads/de...=AB590756-F11F-43C9-9DCC-A85A43077ACF [microsoft.com]
Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/de...=AB590756-F11F-43C9-9DCC-A85A43077ACF [microsoft.com]
Windows Vista (optionally with SP1): http://www.microsoft.com/downloads/de...=18FDFF67-C723-42BD-AC5C-CAC7D8713B21 [microsoft.com]
Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/de...=A976999D-264F-4E6A-9BD6-3AD9D214A4BD [microsoft.com]
Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/de...=25C17B07-1EFE-43D7-9B01-3DFDF1CE0BD7 [microsoft.com]
Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/de...=7B12018E-0CC1-4136-A68C-BE4E1633C8DF [microsoft.com]
Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/de...=2BCF89EF-6446-406C-9C53-222E0F0BAF7A [microsoft.com]
Re:Work around? (Score:3, Informative)
You mean like this phrase:
Disable the Server and Computer Browser services
In the section titled: "workarounds".
Yeah, it would be great if they would share that with us.
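The workaround quoted in the comment above, as an added example that is not part of the thread or of Microsoft's bulletin: a PowerShell function that stops and disables the two services and reports their resulting state. It assumes an elevated Windows PowerShell 3.0 or later session; the function name is hypothetical, and `LanmanServer` and `Browser` are the short names of the Server and Computer Browser services.

```powershell
# Added example (hypothetical function name): apply the bulletin's
# "Disable the Server and Computer Browser services" workaround locally.
# Assumes an elevated session on Windows PowerShell 3.0 or later.
function Disable-FileSharingServices {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Browser depends on LanmanServer, so it is handled first.
        [string[]]$Name = @('Browser', 'LanmanServer')
    )

    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if (-not $svc) {
            # Not every Windows build ships the Computer Browser service.
            [pscustomobject]@{ Service = $n; Found = $false; Status = $null; StartMode = $null }
            continue
        }

        # Honors -WhatIf / -Confirm so the change can be previewed.
        if ($PSCmdlet.ShouldProcess($n, 'Stop and disable service')) {
            if ($svc.Status -ne 'Stopped') {
                # -Force also stops any services that depend on this one.
                Stop-Service -Name $n -Force
            }
            # Keep the service from starting again at the next boot.
            Set-Service -Name $n -StartupType Disabled
        }

        # Report the state as it is now, whether or not a change was made.
        $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$n'"
        [pscustomobject]@{
            Service   = $n
            Found     = $true
            Status    = (Get-Service -Name $n).Status
            StartMode = $cim.StartMode
        }
    }
}

# Preview first, then apply:
#   Disable-FileSharingServices -WhatIf
#   Disable-FileSharingServices
```

Disabling the Server service stops the machine from sharing files and printers, so this is a stopgap until the update is installed, after which the services can be set back to their previous start mode.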
Re:Samba Interoperability? (Score:3, Informative)
It's a bit ugly, not very consistent, almost completely undocumented, but it's very secure by design. Please don't take my word for it. Read this [umich.edu] and then look at the source code.
Now have you looked at the Windows SMB server source code? I rest my case.
Re:Samba Interoperability? (Score:3, Informative)
Debian does ship with ssh turned off. By the way, it ships with no ssh server even installed.
Ssh is a dangerous piece of software, that can make your machine quite vulnerable if you don't know it is running and don't protect it accordingly (good passwords or only key authentication).