SoylentNews is people

posted by chromas on Friday March 13 2020, @02:30AM
from the munch-munch-munch-munch-munchmunch-munch-munch-munch-munch-munch-munch-munch I-haz-r00t! dept.

Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits crisis SMBv3 worm-cure patch

Designated CVE-2020-0796, the bug can be exploited by an unauthenticated attacker to execute malicious code, at administrator level, on an un-patched system simply by sending the targeted system specially crafted compressed data packets. A hacker thus just needs to reach a vulnerable machine on the internet or network to fully compromise it.

[...] "While we have not observed an attack exploiting this vulnerability, we recommend that you apply this update to your affected devices with priority," Microsoft says of the update.

The SMB bug fix was a late addition to Microsoft's March edition of Patch Tuesday – after the security hole was accidentally disclosed by the Cisco Talos research team in a blog post recapping this month's updates: Cisco thought Microsoft had fixed the bug this week as part of March's Patch Tuesday, and alerted the world to the bug's presence to get people to install their updates. In reality, Microsoft hoped to patch the hole later this year, no patch was available, and now everyone knew there was a hole in the compression part of the SMBv3 code.

The revelation sent Microsoft scrambling to post a fix for the flaw just hours after it had emitted updates for 115 other CVE-listed security vulnerabilities.

Designed to allow shared access to files, printers, and hardware ports, SMBv3 is a network protocol included in desktop and server editions of Windows. The bug was particularly nasty as it did not require user interaction and thus could have been exploited by a worm to spread over an entire network.

"Worm". How many here have ever experienced an internet worm? I remember the havoc caused by the original Morris worm when it was released way back on Wednesday, November 2, 1988. We were off the net for at least a full day as our admins tried to figure out what was going on. And even when we got back on-line, things took several days to get back to anything approaching normal.

Not only has the internet grown tremendously over the past 30+ years, the world is now so much more dependent on it.

Also at: Security Week.


  • (Score: 2) by bzipitidoo on Friday March 13 2020, @03:12AM (2 children)

    Naive to the max. In 1988, it was incredibly easy for any user to bring a PC network, or for that matter, a minicomputer or mainframe, to a standstill just by making an honest mistake, no malicious intent required. I did it just by making an infinite loop that scanned a networked directory for files, without any pause between scans. Oops. That was only possible because the networks of those times had nothing in the way of fair scheduling, and would happily let a rogue process like mine starve everyone else. Every other computer on the network quit responding even to keypresses, until I hit ctrl-c. Added a sleep command to the loop, and that solved that problem, whew.

    And security was a joke. Passwords were stored in plaintext. No one had heard of cryptographic hashing, or salt. Anyone with admin access could simply cat /etc/password, and see everyone's login info. On the mainframe, the password checker did not bother erasing memory before returning it to the OS, and so it was quite easy to write a program to exploit that, no admin access needed. Allocate lots of RAM, string search it for your own password, and if found, notify you so you could look around that area of memory and likely see everyone's password.

  • (Score: 0) by Anonymous Coward on Friday March 13 2020, @01:47PM (1 child)

    "Passwords were stored in plaintext. No one had heard of cryptographic hashing, or salt. Anyone with admin access could simply cat /etc/password, and see everyone's login info."

    • The passwords in /etc/passwd were in fact hashed with salt, so your claim is fundamentally wrong.
    • You don't need "admin access" to cat /etc/passwd because it's world-readable -- the one legitimate criticism of the original /etc/passwd scheme, and you missed it.
    • But password shadowing (which fixes this) did exist in 1988, even though it was not yet popular.
    • (Score: 0) by Anonymous Coward on Monday March 16 2020, @06:05AM

      Wut?

      In the early 90s, Linux's passwd file was certainly NOT salted.