Dailydave mailing list archives

There will be no out of band patch for SMBv2.


From: dave <dave () immunityinc com>
Date: Tue, 29 Sep 2009 14:22:33 -0400

Congrats to Stephen Fewer of Harmony Security and co. for releasing an
exploit for SMBv2. It's a very nice piece of work!

I asked the Immunity team to take a look into the new exploit to assess
whether Microsoft would patch the SMBv2 bug early, and our initial
assessment is "no, they will not."

Our assessment is that the exploit works by relying on some key magic
numbers - one of which is what redirects execution to the payload. In
some circumstances, this magic number is always the same - i.e. in
VMWare or in some specific hardware configurations. However, in many
situations (i.e. you don't have the exact same hardware the exploit
expects) this number will be different, resulting in a bluescreen.

Working around this issue in the current public exploit is probably two
weeks of work. At that point, we're nearing Microsoft Tuesday and the
need for an out of band patch is moot.

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave