[194566] in North American Network Operators' Group


RE: Please run windows update now

daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sat May 13 00:56:51 2017

X-Original-To: nanog@nanog.org
Date: Fri, 12 May 2017 22:56:47 -0600
In-Reply-To: <433F66FA-85E0-4F16-91CD-819700E0309D@simtronic.com.au>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


Well, this one was patched (or more accurately, undone).  Perhaps.  Maybe.

How many other "paid defects" do you estimate there are in Microsoft
Windows waiting to be exploited when discovered (or disclosed) by someone
other than the "Security Agency" buying the defect?

Almost certainly more than just this one ... and almost certainly there is
more than a single "payor agency" independently purchasing the deliberate
introduction of code defects.

-- 
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı


> -----Original Message-----
> From: Nathan Brookfield [mailto:Nathan.Brookfield@simtronic.com.au]
> Sent: Friday, 12 May, 2017 22:48
> To: Keith Medcalf
> Cc: nanog@nanog.org
> Subject: Re: Please run windows update now
> 
> Well it was patched by Microsoft on March 14th, just clearly people
> running large amounts of probably Windows XP have been owned.
> 
> Largely in Russia.
> 
> Nathan Brookfield
> Chief Executive Officer
> 
> Simtronic Technologies Pty Ltd
> http://www.simtronic.com.au
> 
> On 13 May 2017, at 14:47, Keith Medcalf <kmedcalf@dessus.com> wrote:
> 
> 
> The SMBv1 issue was disclosed a year or two ago and never patched.
> Anyone who was paying attention would already have disabled SMBv1.
> 
> Thus is the danger and utter stupidity of "overloading" the function of
> service listeners with unassociated road-apples.  Wait until the bad guys
> figure out that you can access the same "services" via a connection to the
> DNS port (UDP and TCP 53) on windows machines ...
> 
> --
> ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
> 
> 
> > -----Original Message-----
> > From: NANOG [mailto:nanog-bounces+kmedcalf=dessus.com@nanog.org] On Behalf Of Karl Auer
> > Sent: Friday, 12 May, 2017 18:58
> > To: nanog@nanog.org
> > Subject: Re: Please run windows update now
> >
> >> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> >> - In parallel, consider investigating low-hanging fruit by OU
> >> (workstations?) to disable SMBv1 entirely.
> >
> > Kaspersky reckons the exploit applies to SMBv2 as well:
> >
> > https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
> >
> > I thought it was a typo in para 2 and the table, but they emailed back
> > saying nope, SMBv2 is (was) also broken. However, they also say (same
> > page) that the MS patch released in March this year fixes it.
> >
> > Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
> >
> > Regards, K.
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Karl Auer (kauer@biplane.com.au)
> > http://www.biplane.com.au/kauer
> > http://twitter.com/kauer389
> >
> > GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> > Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> >
> 
> 
> 




