Friday, May 26, 2006

MSRC Blog : Incorrect reports of a new Windows 2000 SMB vulnerability

MSRC is the Microsoft Security Response Center. I wanted to reassure everybody this is an already patched item. Though a different type of exploit, the patch still protects the server.

Hey everyone. Stephen Toulouse here. There has been a bit of a flurry of activity here in Redmond this morning when we noticed a couple of people releasing information about an SMB vulnerability in Windows 2000.

We just want to let everyone know that we've investigated this claim and found the vulnerability being discussed is fixed by MS05-011, a security update released almost 16 months ago. We contacted our partners on this and made sure they understood this is not new. What *is* new is that someone reportedly has found a different way to exploit the vulnerability. But if you have the update, you're protected.

Just as a long U.S. holiday reminder, we watch the secure@microsoft.com email 365 days a year, so we'll have an eye out this weekend. In addition, teams are still working on the Office Word update.

Here's wishing everyone a safe Memorial Day weekend in the U.S., and a safe weekend in general to our international customers as well.

S.

*This posting is provided "AS IS" with no warranties, and confers no rights.*

--MissM
edit: [consider this the caveat, aka "according to Microsoft"]
MSRC Blog : Incorrect reports of a new Windows 2000 SMB vulnerability

No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.