By David Worthington | Tuesday, January 13, 2009 at 6:03 pm
Vulnerabilities in Microsoft’s Server Message Block (SMB) file-sharing protocol could pose a serious threat to enterprise networks if companies fail to promptly patch their systems, according to reports. Microsoft has released fixes for the holes.
For Microsoft, the days when worms like Blaster and Sasser regularly blackened its eye have passed; the number of major operating system vulnerabilities fell dramatically after it weaved security into its development life cycle. However, two out of the three SMB vulnerabilities that the company disclosed today are critical enough that virus writers could exploit them in a similar fashion.
I don’t expect anything on the scale of Blaster or Sasser to happen even though un-patched enterprise systems will be easy targets. Microsoft has better security procedures in place, and will get the word out to network administrators. Most home users will be using firewall and have anti virus protection; the average user should be well protected.
These defects do not mean that Microsoft is returning to the bad old days of Windows security. It has made a big investment in its security development life cycle, and has top down approval from upper management. In fact, Microsoft invests more into security than most software makers, has a comprehensive patch process, and has firm plans for how future operating systems should handle security.
Microsoft’s problem is all of the legacy code and protocols that it must continue to support – they weigh like an anchor around its neck. While Microsoft introduced the affected protocol SMB 2.0 in 2006, SMB itself dates back circa the early 1990s. It would not at all surprise me if these vulnerabilities have something to do with legacy support (it’s too late in the evening to expect a response from Microsoft).
We attempted to reach several security experts for analysis, but did not receive a response before press time. I will update this story should any contribute their ideas this evening.