Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft to Issue Emergency Patch For File-Sharing Hole

Posted by timothy on from the safest-version-of-windows-ever dept.

An anonymous reader writes "Microsoft said late Wednesday that it plans to release a critical security update today to plug a security hole present in all supported versions of Windows. The company hasn't released any details about the patch yet, which is expected to be pushed out at 1 p.m. PT. Normally, Redmond issues security updates on Patch Tuesday, the second Tuesday of each month. The Washington Post's Security Fix blog notes that each of the three times in the past that Microsoft has departed from its patch cycle, it was to fix some really nasty vulnerability that criminals already were exploiting to break into Windows PCs." Reader filenavigator points out an article which describes the hole as an SMB vulnerability, and says it "allows anyone to access a Windows machine remotely without any user name or password. Any machine that exposes Windows file sharing is vulnerable." Update: 10/23 17:42 GMT by T : Reader AngryDad adds a link to Microsoft's more detailed memo.

4 of 348 comments (clear)

  1. Re:FREEOWW!!! by Zironic · · Score: 0, Flamebait

    windows file sharing has to my knowledge absolutely nothing to do with any P2P program.

  2. Work around? by slashkitty · · Score: 0, Flamebait

    Is to just turn off file and print sharing? Why don't they share that bit of info with us? Who would enable file sharing on windows anyway?

    --
    -- these are only opinions and they might not be mine.
  3. Re:FREEOWW!!! by mcgrew · · Score: 0, Flamebait

    Cue Nelson:

    --
    Free Martian Whores!
  4. Re:When is enough, enough? by gillbates · · Score: 0, Flamebait

    You know, I can understand your sentiments, except that hapless Windows users don't have a choice but to have filesharing running on their machines. In fact, most don't even know it's running, or that it's enabled by default. With Linux, I don't have to start Samba, BIND, sendmail, etc... unless I want to. Windows users have much less control over the security of their systems than their Linux running counterparts.

    Quite honestly, the insecurity of linux programs is a moot point; I don't have to run that program. The only security of undeniable consequence for the end user is that of the kernel, because everything else can be turned off. With Linux, I get to choose my risk acceptance level; with Windows, Redmond chooses it for me.

    --
    The society for a thought-free internet welcomes you.