Slashdot Mirror


Microsoft to Issue Emergency Patch For File-Sharing Hole

An anonymous reader writes "Microsoft said late Wednesday that it plans to release a critical security update today to plug a security hole present in all supported versions of Windows. The company hasn't released any details about the patch yet, which is expected to be pushed out at 1 p.m. PT. Normally, Redmond issues security updates on Patch Tuesday, the second Tuesday of each month. The Washington Post's Security Fix blog notes that each of the three times in the past that Microsoft has departed from its patch cycle, it was to fix some really nasty vulnerability that criminals already were exploiting to break into Windows PCs." Reader filenavigator points out an article which describes the hole as an SMB vulnerability, and says it "allows anyone to access a Windows machine remotely without any user name or password. Any machine that exposes Windows file sharing is vulnerable." Update: 10/23 17:42 GMT by T : Reader AngryDad adds a link to Microsoft's more detailed memo.

35 of 348 comments

  1. This is why... by TrippTDF · · Score: 4, Funny

    ...I don't use computers. They are too much of a security risk.

    1. Re:This is why... by TheNecromancer · · Score: 1, Funny

      If you don't use computers, how did you post on /.?

      --
      Attention all planets of the Solar Federation! We have assumed control! - Neil Peart
    2. Re:This is why... by TrippTDF · · Score: 4, Funny

      I don't.

    3. Re:This is why... by The Gaytriot · · Score: 4, Funny

      Who are you replying to?

      --
      Srsly u guys. U guys, srsly.
    4. Re:This is why... by bradkittenbrink · · Score: 3, Funny

      then I think somebody may have hacked your account...

    5. Re:This is why... by Anonymous Coward · · Score: 5, Funny

      Simple: Call up your ISP and make the correct noises. Real men don't use modems.

    6. Re:This is why... by Lord Pillage · · Score: 5, Funny

      Weren't you listening? He doesn't use computers therefore he doesn't have an account! Some people just don't get the logic in that...

      --
      try { Signature mysig = new CleverAttempt(); } catch(NonCleverSignatureException e) { postanyway(); }
    7. Re:This is why... by _Sprocket_ · · Score: 4, Funny

      Simple: Call up your ISP and make the correct noises. Real men don't use modems.

      Whistling in to a phone?! REAL men use butterflies.

    8. Re:This is why... by Ngarrang · · Score: 2, Funny

      If you don't use computers, how did you post on /.?

      Maybe he was dictating his response to someone who does have aaaaaaaaa...

      --
      Bearded Dragon
    9. Re:This is why... by LearnToSpell · · Score: 2, Funny

      Must be a lot of people doing that around here...

    10. Re:This is why... by dgatwood · · Score: 2, Funny

      No, you got the joke wrong. The correct line is:

      First, he asks his secretary to print the Internet. Then, the secretary prints a bunch of random crap pages. Then, he types up a response on his Underwood No. 5 and sends it to her through a pneumatic tube. Then, the secretary rekeys the information in and sends a printed copy to him via a pneumatic tube for approval, which he then initials and sends back through the tube. Upon receipt of the initialed printed copy, she initials the electronic copy and clicks "submit".

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    11. Re:This is why... by the_B0fh · · Score: 2, Funny

      This is slashdot! If he's capable of listening, he would have gotten a girlfriend, and would have a real life instead, but here he is, posting on slashdot, so, obviously he is not capable of listening.

    12. Re:This is why... by Niten · · Score: 2, Funny

      You can even get DSL if you have a good enough falsetto.

    13. Re:This is why... by g-san · · Score: 4, Funny

      Yeah but you only get half-duplex unless you learn circular breathing...

  2. Let's hope by cnettel · · Score: 5, Funny

    Let's hope that the renewed Samba compatibility effort by MS means that this bug will be ported over.

    1. Re:Let's hope by Anonymous Coward · · Score: 2, Funny

      This sounds like a lie. There is no public exploit out for this.

  3. Re:Cool by iztehsux · · Score: 5, Funny

    Still got plenty of time before this afternoon to turn your college campus into a botnet!

  4. Maybe.. by cirrustelecom · · Score: 2, Funny

    At least they didn't describe it as a MAC vulnerability

    --
    "No, but understanding is not required, only obedience."
  5. Damn Fossies by Ynot_82 · · Score: 2, Funny

    Those damn FOSSies can gain access to SMB shares
    Quick, patch it....

  6. Samba Interoperability? by Philip K Dickhead · · Score: 2, Funny

    Why patch? Looks like they went a long way to achieve this already!

    --
    "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
    1. Re:Samba Interoperability? by TeacherOfHeroes · · Score: 2, Funny

      I agree!

      Every time that a new software bug or vulnerability is uncovered, I feel better and better about my choice to stick with an abacus instead of using these computer things.

      Yes, it would be convenient to have it in my home or office, but you never know when some giant glaring exploit is going to appear and leave you open to pwnage due to some software company drinking a cold frosty can of fail.

      Days like this justify my paranoia.

    2. Re:Samba Interoperability? by Sj0 · · Score: 2, Funny

      I agree!

      Every time that a new software bug or vulnerability is uncovered, I feel better and better about my choice to stick with my fingers and toes instead of using these computer things (20 bits ought to be enough for anyone).

      Yes, it would be convenient to have it in my home or office, but you never know when some giant glaring exploit is going to appear and leave you open to pwnage due to some software company drinking a cold frosty can of fail.

      Days like this justify my paranoia.

      --
      It's been a long time.
  7. Does this mean . . . by arizwebfoot · · Score: 4, Funny

    I need to dust off my IBM Selectric III?

    --
    Beer is proof that God loves us and wants us to be happy.
  8. Re:FREEOWW!!! by flyingfsck · · Score: 2, Funny

    "Any OS must be behind a firewall" - So do you put your firewall behind a firewall?

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  9. Re:Critical vs Important by Narnie · · Score: 5, Funny

    The difference between XP and Vista will be a little pop up on Vista that will ask you if you want to run the RCP exploit n@5Ty.tr0g1n

    --
    greed@All_Evils:~#
  10. Known about this for years by xombo · · Score: 3, Funny

    My friends and I have known about this hole since high school. Every version of Windows with SMB has underlying, invisible, "root" accounts which cannot be removed without a great deal of diligence. These accounts have no password and give full access to the SMB share. I'm shocked that it has taken Microsoft this long to address the issue.

    1. Re:Known about this for years by eli867 · · Score: 2, Funny

      Buffer underrun permitting arbitrary code execution != "invisible root account"

      You don't know what you're talking about.

  11. Re:FREEOWW!!! by Anonymous Coward · · Score: 5, Funny

    It's firewalls all the way down.

  12. Re:Cool by dgatwood · · Score: 2, Funny

    In Soviet college, files serve you?

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  13. Someone always clicks "allow". by argent · · Score: 5, Funny

    Because on Vista you get a prompt: "Your computer is being hacked. Cancel or Allow?"

    Windows Airlines:
    The terminal is very neat and clean, with security barriers every few meters. The attendants are attractive, even if it's kind of creepy how much they want to "help" (especially in the restrooms). The pilots are allegedly very capable, though nobody ever sees them and there's an armed guard by the cockpit door. The fleet of jets it operates are immense. Your jet takes off without a hitch, pushing above the clouds, and at 20,000 feet a message pops up on the seat back in front of you asking "Should this plane explode now?".

    Some idiot always answers "Yes".

  14. Or maybe ... by Rhabarber · · Score: 5, Funny

    ... the bug was found on one of the interoperability fests:

    Samba Guy: Hey dude, look, when I open a connection _this way_ I get strange replies. There is nothing similar in the docs ...

    MS Interoperability Officer: Sir, the protocol is just too complex. I wouldn't care. How about putting little hearts into the password dialog, I don't like the asterisks, anyway.

    Samba Guy: Dude, come on, I want to understand how the stuff works...

    MS Interoperability Officer: Sir, hmm, must be part of a proprietary, essential, internal routine framework. It's in there since ages. The software works, we make billions from it.

    Samba Guy: But what does it do? Why do you need it?

    MS Interoperability Officer: Don't know. The guy who coded it left the company.

    Samba Guy: Can't we just call him?

    MS Interoperability Officer: Don't think so. He must be cleaning his Yacht somewhere near Tanzania right now.

    Samba Guy: Well dude, then let's see what's gonna happen if I keep going on...

    MS Interoperability Officer: Sir, I'm bored. I don't like your black console anyway. It feels so 50s.

    MS Interoperability Officer: Sir, I'm in the position to offer you a free trial for Microsoft Visual Studio 2009 with Ribbon TM included.

    Samba Guy: Look dude, I just got root on your machine.

    MS Interoperability Officer: Sir, which idiot gave you my password?

    Samba Guy: No password, dude. I just opened the connection, look here ...

    Samba Guy shows 4 lines of code.

    MS Interoperability Officer: Sir, please hold on, I need to call my chief security officer.

    MS Interoperability Officer talking on the phone (next door).

    Minutes later the door is opened violently. Gates and Ballmer enter the scene guarded by five NSA officers.

    Gates: Sir, I'm sorry, you found one of the many backdoors we built into all versions of Microsoft Windows TM released after 1999. I suppose you will perfectly understand that all algorithms concerning that matter are our intellectual property which is protected by American Law.

    NSA Officer (in monotone voice): Sir, I'll now use this Neutralizer TM device to erase your memories of the last twenty-four hours. You've never been in this building and you never knew about the federal data acquisition program.

    A bright flash of light gets emitted from the little device.

    Samba Guy: Shit, my eyes. What the fuck is wrong with you guys. That code is so freaking stupid. You can't be serious...

    Another NSA Officer (in aggressive voice): Shut up criminal bastard!

    First NSA Officer (in same monotone voice): Sir, you might have consumed a critical cumulative dose of THC during adolescence. The resulting altered brain circuitry is resistant to portable neutralizer devices. I'm sorry to inform you that you're temporarily arrested under federal law.

    Samba Guy: Bull shit, you have no idea what you're talking about. Look I've got a hook running that sends every command I type on the console directly to twitter. Everybody does it, it's lots of fun. Nothing I do is secret. I believe in sharing of ideas.

    Ballmer (in rage): Motherfucking communists ... this is why fucking America is all that fucked up ... how the fuck should we ever control that fucking mob ... fuck!

    Ballmer, well, throws chairs.

    Gates (calling the still governing president of the United States): My president, sir, I'm sorry to inform you, due to certain circumstances, details concerning the federal data acquisition program might just have been leaked to the public.

    Samba Guy: Hey dude, the story is already on digg. I think you should issue a patch before it is on slashdot.

    Curtain gets drawn, applause.

    Off stage voice: Thank you ladies and gentlemen. Please don't forget to visit windowsupdates.microsoft.com

  15. This is going to be a field day for the RIAA... by Waffle Iron · · Score: 3, Funny

    ... and their "making available" theory. They could soon be raking in $Trillions in statutory damages from the public.

  16. Re:Critical vs Important by Lobster Quadrille · · Score: 2, Funny

    I find it amusing that we geeks can be so anal retentive about redundancy, spelling and grammar, then invent words like "boxen" and "borked".

    --
    "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
  17. Re:FREEOWW!!! by cez · · Score: 2, Funny

    \\ ?

    --
    Walk with Music;
  18. Re:FREEOWW!!! by caluml · · Score: 2, Funny

    Aaah, so that's what the loopback interface is for...