Microsoft ID security hole in their code; suggest you use generic instead

Sep 21, 2009
0
Microsoft ID security hole in their code; suggest you use generic instead

It seems pretty clear-cut that Microsoft are going to get plenty of stick for their latest software vulnerability - and their fix for it - after the company's Security Response Center admitted that SMBv2 (Server Message Block version 2) could leave a system vulnerable to remote takeover.  Microsoft's fix for Vista, Windows Server 2008 and Windows 7?  Turn it off.

What makes it particularly embarrassing is that Microsoft apparently developed SMBv2 so as to avoid sharing any code with Samba, and the more widely used SMB (to which Microsoft say affected OSes will fall back to).  To shut off SMB2 you can either edit the registry or use Microsoft's "one click" system; there's a proper patch in the pipeline, supposedly.

[via ITworld - thanks Robert!]


Must Read Bits & Bytes