Last year the Microsoft reps proposed my company an upgrade of our NT infrastructure, across the board, for approx. 1500 clients, for a "mere" $800,000 ("bla,bla,bla assurance" they called it). Taking into account the "successes" continuously recorded by Microsoft in making their systems more robust, we have decided not to "bite", and rather look into a slow migration to other OS. What makes the author of this article believe that Microsoft will change the approach of "more $$$ from all the people", to a "trustworty" development process?

Oh - by the way - here is the abstract of the latest posting on bugtrack and full-disclosure ... I do not see anything here about Windows 95 ;) ... or should we start thinking of upgrading from 2003 and XP now?!?

Announced: 2004-02-02
Type: Denial of Service Attack on Windows
Impact: smbmount can stop Windows from sharing files
Writer: Daniel Kabs, Germany (daniel.kabs@gmx.de)
Credits: Thanks to Steve Ladjabi (steve.ladjabi@web.de)

Contents:
1. Abstract
2. Affected Systems
3. Attack Setup
4. Symptoms
5. Workaround


1. Abstract

A security vulnerability of "Windows XP" and "Windows 2003 Server" has been found. Theses systems are open to a denial of service attack. If they share folders to a Unix client that is using smbmount (part of the Samba suite), any user on the client who has permissions to create directories on the mounted share can stop the Windows system from serving files. The attack induces a memory shortage on the Windows system by creating directories in a special way.
-----------------------------


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/217/24743#24743