Dailydave mailing list archives
There will be no out of band patch for SMBv2.
From: dave <dave () immunityinc com>
Date: Tue, 29 Sep 2009 14:22:33 -0400
Congrats to Stephen Fewer of Harmony Security and co. for releasing an exploit for SMBv2. It's a very nice piece of work!

I asked the Immunity team to take a look into the new exploit to assess whether Microsoft would patch the SMBv2 bug early, and our initial assessment is "no, they will not."

Our assessment is that the exploit works by relying on some key magic numbers - one of which is what redirects execution to the payload. In some circumstances, this magic number is always the same - i.e. in VMware or in some specific hardware configurations. However, in many situations (i.e. you don't have the exact same hardware the exploit expects) this number will be different, resulting in a bluescreen.

Working around this issue in the current public exploit is probably two weeks of work. At that point, we're nearing Microsoft Tuesday and the need for an out of band patch is moot.

-dave