Xatrix Security

[muto]

The new SMB2 stack has a lovely exploit in it, that's very close to the old 'Ping of Death'; and lets you send a single packet to bluescreen a machine running (fully patched) Windows 7, and was later confirmed to affect Server 2008 and Vista as well. It's very close to a RCE exploit as well, there's the potential for it there, but we've yet to see a working PoC...

http://isc.sans.org/diary.html?storyid=7093

[muto]

It's just been confirmed that RCE is now possible through this, leading to a remote exploit that gives you administrative rights...

Worm anyone?

[TJ_2k7]

I'm not surprised in the slightest, it is Microsoft after all

Normal stuff will happen; Exploit is found, Microsoft posts 'security bulletin' and then sends a update over Windows Update =/

[Darkness62]

Do all OS's have the same issues or is it just Microsoft?

[Ict Tech]

Just Microsoft!!!

Well now, Microsoft doe have these exploits are in MS OS's, however, when a new OS is released they normally all do have some bugs, but they normally all get patched with the Updates etc

[muto]

Yeah, but Linux doesn't leave you vulnerable for a whole month until they get off the arses and do an update. When a Linux 0day comes out, there's almost always a patch being pushed within 24 hours, less if it's critical.

[Ict Tech]

Yeah, but Linux doesn't leave you vulnerable for a whole month until they get off the arses and do an update. When a Linux 0day comes out, there's almost always a patch being pushed within 24 hours, less if it's critical.

That's very true!

That is actually very true!!