There seems to be a lot of discussion regarding the 7 years it took for Microsoft to patch against SMBRelay (the name of a tool published in 2001.) There’s some speculation that Microsoft is only now addressing the issue because a Metasploit module was added in 2007 to exploit the vulnerability. Here’s our take.

Should Microsoft have patched SMB sooner? Why? Who has been adversely affected by the vulnerability? We’ve never had an Incident Response case that involved abuse of it. Given the fact that we now know there was a solution to the puzzle, chances are that solution was stumbled upon by accident in one of those “Eureka” moments. Once that idea was finally conceived, of course, it made sense for them to produce a patch, but do try to appreciate just what was at stake as they attempted to implement it and test it. Thousands, if not hundreds of thousands of 3rd party applications are based on SMB working just the way it does. Break it while patching the vulnerability and you’d have a lot of upset people.

(more…)

Today Microsoft released a patch for the “click-jacking” vulnerability announced by Robert Hanson in September. The issue, as you may remember, was that exploiting this vulnerability (in all versions of XMLHTTP but 3.0) allowed him to cause your click on a web page to be directed at anything he wanted. So you might have thought you were clicking a URL to http://securityblog.verizonbusiness.com, but you’d visit http://Ive_Got_You_Now_Sucker.com.

(more…)

From January to July 2008 Microsoft’s technologies disinfected just over 8 million more computers than it did in the previous six month period according to their just released 5th Security Intelligence Report.

Such a statement will make many jump to the conclusion that the state of crimeware is getting worse. But such a conclusion may not be accurate. For example, the increase in distinct computers cleansed in this latest period is just under 50%, whereas in the 2H07 report the increase was just over 79%. The increase in 1H07 was 95%. So the percentage increase this time around is smaller than it has been previously. The same can be said for the number of distinct infections cleansed. 1H08 was 47% higher than 2H07, but 2H07 was 219% higher than 1H07 and 1H07 was 80% higher than 2H06.

(more…)