[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20091001133317.D267BCBEA7@ws5-11.us4.outblaze.com>
Date: Thu, 1 Oct 2009 09:33:17 -0400
From: Chris <r0ck@...ramail.com>
To: "Rohit Patnaik" <quanticle@...il.com>, Nick <nick58@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsuck delaying patch for SMB2 on purpose?
"it seems"...and "I'm pretty sure"
Is this FD or some fantasyland where everybody can just make up shit?
If you don't KNOW and can't CONFIRM (with links or FACTS) then stfu.
----- Original Message -----
From: "Rohit Patnaik"
To: Nick
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Microsuck delaying patch for SMB2 on
purpose?
Date: Thu, 1 Oct 2009 08:09:22 -0500
I'm pretty sure that Microsoft has already released a fix for this.
I know they've patched Vista and Windows 7, and they've decided
publicly not to backport the fix to Windows XP.
--Rohit Patnaik
On Wed, Sep 30, 2009 at 8:34 PM, Nick <nick58@...il.com> wrote:
A new exploit for the _Smb2ValidateProviderCallback() function
has been released by the same person who created the Denial of
Service exploit, except this one is able to execute code
remotely. It seems that ms is sort of delaying the quick fix for
this exploit. Whats even sadder is that they knew about it when
they developed windows 7 but didn't care to patch windows vista.
If they dont release a patch soon, viruses will be all over the
internet...
Exploit code:
http://packetstormsecurity.org/filedesc/smb2_negotiate_func_index.rb.txt.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com
Powered by Outblaze
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists