One word. Linux. After this we'll probably see (yet more) additional processes running on windows boxes safe guarding against issues like this, forcing windoze users to upgrade memory/processor/disk space. I, for one, am not looking at Windoze 10 S as it locks too many applications needed for work to the Windoze store.
Getting kind of ridiculous if you ask me. -Joe On Fri, May 12, 2017 at 11:56 PM, Keith Medcalf <kmedc...@dessus.com> wrote: > > Well, this one was patched (or more accurately, undone). Perhaps. Maybe. > > How many other "paid defects" do you estimate there are in Microsoft > Windows waiting to be exploited when discovered (or disclosed) by someone > other than the "Security Agency" buying the defect? > > Almost certainly more than just this one ... and almost certainly there is > more than a single "payor agency" independently purchasing the deliberate > introduction of code defects. > > -- > ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı > > > > -----Original Message----- > > From: Nathan Brookfield [mailto:nathan.brookfi...@simtronic.com.au] > > Sent: Friday, 12 May, 2017 22:48 > > To: Keith Medcalf > > Cc: nanog@nanog.org > > Subject: Re: Please run windows update now > > > > Well it was patched by Microsoft of March 14th, just clearly people > > running large amounts of probably Windows XP have been owned. > > > > Largely in Russia. > > > > Nathan Brookfield > > Chief Executive Officer > > > > Simtronic Technologies Pty Ltd > > http://www.simtronic.com.au > > > > On 13 May 2017, at 14:47, Keith Medcalf <kmedc...@dessus.com> wrote: > > > > > > The SMBv1 issue was disclosed a year or two ago and never patched. > > Anyone who was paying attention would already have disabled SMBv1. > > > > Thus is the danger and utter stupidity of "overloading" the function of > > service listeners with unassociated road-apples. Wait until the bad guys > > figure out that you can access the same "services" via a connection to > the > > DNS port (UDP and TCP 53) on windows machines ... > > > > -- > > ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı > > > > > > > -----Original Message----- > > > From: NANOG [mailto:nanog-bounces+kmedcalf=dessus....@nanog.org] On > > Behalf > > > Of Karl Auer > > > Sent: Friday, 12 May, 2017 18:58 > > > To: nanog@nanog.org > > > Subject: Re: Please run windows update now > > > > > >> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote: > > >> - In parallel, consider investigating low-hanging fruit by OU > > >> (workstations?) to disable SMBv1 entirely. > > > > > > Kaspersky reckons the exploit applies to SMBv2 as well: > > > > > > https://securelist.com/blog/incidents/78351/wannacry- > ransomware-used-in > > > -widespread-attacks-all-over-the-world/ > > > > > > I thought it was a typo in para 2 and the table, but they emailed back > > > saying nope, SMBv2 is (was) also broken. However, they also say (same > > > page) that the MS patch released in March this year fixes it. > > > > > > Assuming they are right, I wonder why Microsoft didn't mention SMBv2? > > > > > > Regards, K. > > > > > > -- > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~ > > > Karl Auer (ka...@biplane.com.au) > > > http://www.biplane.com.au/kauer > > > http://twitter.com/kauer389 > > > > > > GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A > > > Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B > > > > > > > > > > > > > >
