Wednesday, January 14, 2009

Is it time for rewriting SMB stuff?

Since the beginning of Microsoft's security efforts there have been lots of reports of chunks of code being rewritten from scratch to address old and recurring problems. So why do we still have to deal with vulnerabilities related to SMB (MS09-001, MS08-063, MS06-063), when everybody knows that the components that handle it are present and enabled on almost all Windows boxes? We have another vulnerability that impacts Windows 2000, XP, 2003, 2008 (Server Core included) and Vista. Does anybody know if the Windows 7 beta is also vulnerable? Isn't it time to rewrite the Server and Workstation services?