The disturbing part is that Microsoft knew about this flaw as far back as 2001. According to Microsoft, they held back on releasing a fix because it would immediately have broken many applications that talk over SMB, and they pointed customers to SMB signing as the mitigation instead. For example, on the MSRC blog, a Microsoft employee states:
...the impact would have been to render many (or nearly all) customers' network-based applications then inoperable. For instance, an Outlook 2000 client wouldn't have been able to communicate with an Exchange 2000 server. We did say that customers who were concerned about this issue could use SMB signing as an effective mitigation...
I could buy that. IF IT ONLY AFFECTED WINDOWS XP. But the bug in question also affects Vista, 2008, and the 64-bit releases. Many applications were simply broken with the release of Vista. Why not just allow them to break and keep them secure? And why does it take 7 years to figure out this application-compatible workaround?
In our remote programs, like the remote reboot or the remote desktop enabler, we need to use 4 different methods to authenticate via SMB with a remote host to cover all of the versions of Windows. Now I can understand why this is the case! Because the SMB server in Windows is a spaghetti-code mess that probably has 10 more security holes that the hackers already know about, that Microsoft knows about, and that still have no fix!
Sorry for the rant, but if you do have an Internet-facing machine I suggest disabling file and printer sharing, and making double sure the SMB ports are firewalled.
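One way to carry out that advice on a current Windows host, as an added example that is not part of the original post and not one of the author's utilities: the script below blocks inbound SMB (TCP 445) and the NetBIOS ports (TCP 139, UDP 137-138) at the host firewall, disables the Server service that backs file and printer sharing, and, for machines that must keep sharing on, sets the registry values that make both the server and the workstation side require SMB signing (the mitigation Microsoft's own quote above points to). It assumes an elevated prompt on Windows 8 / Server 2012 or later, where the NetSecurity cmdlets exist; the firewall rule names are my own.

```powershell
# Added example: harden an Internet-facing Windows host against SMB exposure.
# Assumes an elevated PowerShell on Windows 8 / Server 2012 or later
# (New-NetFirewallRule and Get-NetTCPConnection come from the NetSecurity module).
#Requires -RunAsAdministrator

$ErrorActionPreference = 'Stop'

# 1. Block inbound SMB and NetBIOS at the host firewall. Rule names are arbitrary.
$rules = @(
    @{ Name = 'Block inbound SMB (TCP 445)';         Protocol = 'TCP'; Port = 445 },
    @{ Name = 'Block inbound NetBIOS (TCP 139)';     Protocol = 'TCP'; Port = 139 },
    @{ Name = 'Block inbound NetBIOS (UDP 137-138)'; Protocol = 'UDP'; Port = '137-138' }
)
foreach ($r in $rules) {
    # Idempotent: do not pile up duplicate rules on repeated runs.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Block `
            -Protocol $r.Protocol -LocalPort $r.Port -Profile Any | Out-Null
    }
}

# 2. Disable file and printer sharing entirely by stopping the Server service.
#    Skip this step on a host that legitimately serves shares.
Stop-Service -Name LanmanServer -Force
Set-Service  -Name LanmanServer -StartupType Disabled

# 3. If sharing must stay on, require SMB signing on both sides instead.
#    (With LanmanServer disabled the server-side value is simply dormant.)
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
foreach ($key in $server, $client) {
    Set-ItemProperty -Path $key -Name RequireSecuritySignature -Value 1 -Type DWord
}

# 4. Verify: nothing should be listening on TCP 445 once the service has stopped.
$listening = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
if ($listening) {
    Write-Warning 'TCP 445 is still listening; check for another SMB stack or a pending reboot.'
} else {
    Write-Host 'No listener on TCP 445; inbound SMB is also blocked at the firewall.'
}
```

The RequireSecuritySignature values take effect when the Server and Workstation services restart, so plan a reboot. Requiring signing on the workstation side means the host will refuse to talk to servers that do not sign, which is exactly the compatibility trade-off the MSRC quote describes; test it against the file servers the machine actually needs before rolling it out.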
Posted By: Steve Wiseman on Thursday, November 13, 2008
