A couple weekends ago, news of a SMB exploit in Windows 8.1, Windows 10, and Windows Server editions was discovered and reported in hopes that Microsoft would deliver an update to plug the hole. Further investigation reveals that Microsoft has known about the issue, but failed to deliver a fix in its Cumulative Update releases for the past 3 months. The company is rumored to deliver the update this month, but the exploit has already gone live in the wild.
The problem is serious enough to warrant an alert from US-CERT: Microsoft Windows SMB Tree Connect Response denial of service vulnerability
Why Microsoft has failed to deliver a fix has not been communicated by the company. However, many blame it on Microsoft’s latest attempt at rewriting its patching policies due to how it needs to providing servicing for its latest operating system, Windows 10. Microsoft wants to deliver a single Cumulative Update for security once a month. This type of policy puts customers at risk and could cost them more to support the Microsoft platform if they are having to apply mitigations constantly.
Microsoft’s lack of quality for its updates goes back years and has, at times, been a historic blemish on the company – with many updates breaking applications, business networks, and even entire computer operations.
Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!