Slashdot Mirror


Microsoft's "Dead Cow" Patch Was 7 Years In the Making

narramissic writes "Back in March 2001, a hacker named Josh Buchbinder (a.k.a. Sir Dystic) published code showing how an attack on a flaw in Microsoft's SMB (Server Message Block) service worked. Or maybe the flaw was first disclosed at Defcon 2000, by Veracode Chief Scientist Christien Rioux (a.k.a. Dildog). It was so long ago, memory is dim. Either way, it has taken Microsoft an unusually long time to fix. Now, a mere seven and a half years later, Microsoft has released a patch. 'I've been holding my breath since 2001 for this patch,' said Shavlik Technologies CTO Eric Schultze, in an e-mailed statement. Buchbinder's attack, called an SMB relay attack, 'showed how easy it was to take control of a remote machine without knowing the password,' he said."

25 of 203 comments

  1. Now I get it by Maniacal · · Score: 5, Funny

    So that's how they came up with the name 'Windows 7'

    --
    MG
    1. Re:Now I get it by thewils · · Score: 5, Funny

      Things look a bit bleak for Windows 2008 then :(

      --
      Once I was a four stone apology. Now I am two separate gorillas.
    2. Re:Now I get it by mfh · · Score: 4, Funny

      So that's how they came up with the name 'Windows 7'

      No, they needed to get some luck for Windows, so they added the lucky number 7 to it. This bug fix was introduced to confuse us all.

      --
      The dangers of knowledge trigger emotional distress in human beings.
    3. Re:Now I get it by Yvan256 · · Score: 4, Funny

      George Costanza works for Microsoft?

    4. Re:Now I get it by Anonymous Coward · · Score: 2, Funny

      someone wanted to name their kid "Dead Cow"?

    5. Re:Now I get it by initialE · · Score: 2, Funny

      "Windows Se7en - What's in the box?" was my personal favorite.

      --
      Starbucks, Harbuckle of Breath.
  2. 'been holding my breath since 2001 for this patch' by Anonymous Coward · · Score: 5, Funny

    ...and boy are my arms tired.

    P.S. I'm dead.

  3. my prayers are answered! by Trepidity · · Score: 5, Funny

    Seven years ago, The Register devastated me with this terrible news:

    It's backward compatibility that has MS in a trap now. "NTLMv2 was created to address many of these issues, and if Windows came configured to use only NTLMv2 these would not be issues, unless the user knowingly opened himself up to allow communication with older operating systems," Sir Dystic noted.
    [...]
    However, if for some reason it's necessary for you to use the many thrilling features of Windows networking without NTLMv2, then there is absolutely nothing you can do but pray.

    Finally, I can use my favorite thrilling NTLM features without giving in and using NTLMv2!

  4. SMB? by EraserMouseMan · · Score: 3, Funny

    Could a Windows Server Admin worth his/her salt please explain to us what SMB is, who would use it, and if there was a workaround that made the vulnerability a non-issue?

    1. Re:SMB? by Anonymous Coward · · Score: 5, Funny

      It took me a while, but apparently Sir Dystic was (is?) a member of The Cult Of The Dead Cow (reference).

      What a crappy headline. I hate teasers like that.

  5. port 139 by heffrey · · Score: 5, Funny

    Oh well, I guess I'd better block incoming public Internet traffic on port 139 then. That's a shame because it's been so very useful to have an Internet facing SMB share.

  6. Windows Server Admin? On Slashdot? Are you kidding by drachenfyre · · Score: 5, Funny

    Like any Windows server admin reads Slashdot... And the ones that do aren't going to stick their hands up and say "Oh, pick me" so we can all berate them for their choice in closed source server operating systems.

  7. Holding his breath ? by Tomun · · Score: 3, Funny

    "I've been holding my breath since 2001 for this patch"

    With lungs like that he should try free-diving!

    1. Re:Holding his breath ? by AlgorithMan · · Score: 2, Funny

      Yeah, he even beats Guybrush Threepwood!

      --
      The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
  8. cDc by alxkit · · Score: 1, Funny

    This is not a bug but a fundamental design flaw.

    aka "a feature"

  9. Easter egg for Windows 7? by pcolaman · · Score: 2, Funny

    So does that mean we can expect a Dead Cow Level to be hidden in an included Windows 7 app, a la Flight Sim hidden in Excel 97?

    1. Re:Easter egg for Windows 7? by dkleinsc · · Score: 5, Funny

      That would make it harder to get to than the Secret Cow Level in Diablo II, because in Diablo II all you have to do is go through Hell, whereas with Windows 7 you have to install it successfully.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  10. Re:Does anyone use this OS any more? by boredhacker · · Score: 2, Funny

    Yes, people certainly do still use "this OS" (i.e. Windows)... people who produce costly products with little value.

    :P

  11. Re:Does anyone use this OS any more? by heffrey · · Score: 5, Funny

    Hardly anybody still uses Windows, it's dying out.

  12. Re:How long ago seven years really is by Knackered · · Score: 2, Funny

    How many times have you changed occupation, had kids, changed partner, moved to a new city, changed your lifestyle habits, reconsidered your core values and beliefs, or made some other big change in your life?

    None, none, none, none, none, none, none.

    I guess I should get out more...

    --
    a.
  13. Re:Windows Server Admin? On Slashdot? Are you kidd by 0racle · · Score: 4, Funny

    I do.

    You can make fun of me :)

    That said, if you have a Linksys firewall

    Now you deserve to be made fun of.

    --
    "I use a Mac because I'm just better than you are."
  14. Re:Does anyone use this OS any more? by DAldredge · · Score: 3, Funny

    I do. And I like Vista too.

  15. Re:Does anyone use this OS any more? by Anonymous Coward · · Score: 3, Funny

    Good riddance, it's been a total pane since day one.

  16. Re:Does anyone use this OS any more? by Sponge Bath · · Score: 5, Funny

    ...stop telling suits that all they need to administer Windows is someone with one finger

    Damn skippy! Alt-Ctrl-Del takes three fingers.

  17. Not all that great... by Nazlfrag · · Score: 2, Funny

    "Microsoft has released the specifications for the binary file formats used by pre-2007 Microsoft Office applications"

    And we all know how well Microsoft maintains backwards compatibility with its office file formats...