Microsoft Security Vulnerabilities Pose Worm Threat

By David Worthington | Tuesday, January 13, 2009 at 6:03 pm

Vulnerabilities in Microsoft’s Server Message Block (SMB) file-sharing protocol could pose a serious threat to enterprise networks if companies fail to promptly patch their systems, according to reports. Microsoft has released fixes for the holes.

For Microsoft, the days when worms like Blaster and Sasser regularly blackened its eye have passed; the number of major operating system vulnerabilities fell dramatically after it weaved security into its development life cycle. However, two out of the three SMB vulnerabilities that the company disclosed today are critical enough that virus writers could exploit them in a similar fashion.

I don’t expect anything on the scale of Blaster or Sasser to happen even though un-patched enterprise systems will be easy targets. Microsoft has better security procedures in place, and will get the word out to network administrators. Most home users will be using firewall and have anti virus protection; the average user should be well protected.

These defects do not mean that Microsoft is returning to the bad old days of Windows security. It has made a big investment in its security development life cycle, and has top down approval from upper management. In fact, Microsoft invests more into security than most software makers, has a comprehensive patch process, and has firm plans for how future operating systems should handle security.

Microsoft’s problem is all of the legacy code and protocols that it must continue to support – they weigh like an anchor around its neck. While Microsoft introduced the affected protocol SMB 2.0 in 2006, SMB itself dates back circa the early 1990s. It would not at all surprise me if these vulnerabilities have something to do with legacy support (it’s too late in the evening to expect a response from Microsoft).

We attempted to reach several security experts for analysis, but did not receive a response before press time. I will update this story should any contribute their ideas this evening.

Comments are closed

Read more: Microsoft, Security, SMB, Windows

The Weird History of Windows
Laptopia: Twenty-One Totally Bizarre Laptops
Fifteen Classic Game Console Design Mistakes
The Thirteen Greatest Error Messages of All Time
When the Muppets Worked for IBM
Tech Products That Were Brilliant. And Doomed
The Legend of the Legend of Zelda
15 Breakthrough Products That Went Absolutely Nowhere
The 25 Most Notable Quotes in Tech History
How 1940s Whiskey Ads Predicted the Future
The Great Operating System Games
The Weird Secret Origin of Tech's Favorite Insult

Technologizer by Harry McCracken

Microsoft Security Vulnerabilities Pose Worm Threat

The Weird History of Windows

Laptopia: Twenty-One Totally Bizarre Laptops

Fifteen Classic Game Console Design Mistakes

The Thirteen Greatest Error Messages of All Time

When the Muppets Worked for IBM

Tech Products That Were Brilliant. And Doomed

The Legend of the Legend of Zelda

15 Breakthrough Products That Went Absolutely Nowhere

The 25 Most Notable Quotes in Tech History

How 1940s Whiskey Ads Predicted the Future

The Great Operating System Games

The Weird Secret Origin of Tech's Favorite Insult

Technologizer Info

Technologizer Everywhere

Technologizer Topics