November 12, 2008 at 15:32Patch after seven and a half years
It took Microsoft programmers seven and a half years to release a patch covering the hole in the SMB (Server Message Block) protocol. For the first time, information about this vulnerability was released at the Defcon conference as early as 2000. The exploit officially appeared in March 2001. Over the years, the exploit has become widespread and has been used very actively. For example, it was built into the popular hacker program Metasploit.
This vulnerability makes it very easy to take control on a remote computer if it is not protected by a firewall. According to Microsoft’s classification, the vulnerability is considered “important” for Windows XP, 2000, and Server 2003, and also has the status of “moderate” for Vista and Server 2008. However, independent experts clearly callthis vulnerability is critical.
Experts also note that seven and a half years is a very long time to create a patch, unusually long even for Microsoft. It is unclear what explains this delay.
This vulnerability makes it very easy to take control on a remote computer if it is not protected by a firewall. According to Microsoft’s classification, the vulnerability is considered “important” for Windows XP, 2000, and Server 2003, and also has the status of “moderate” for Vista and Server 2008. However, independent experts clearly callthis vulnerability is critical.
Experts also note that seven and a half years is a very long time to create a patch, unusually long even for Microsoft. It is unclear what explains this delay.