Microsoft security patch was seven years in the making

12.11.2008
Some security patches take time.

Seven-and-a-half years, in fact, if you count the time it's taken Microsoft to patch a security issue in its SMB (Server Message Block) service, fixed Tuesday. This software is used by Windows to share files and print documents over a network.

In a , Microsoft acknowledged that "Public tools, including a Metasploit module, are available to perform this attack." Metasploit is an open-source toolkit used by hackers and security professionals to build attack code.

According to Metasploit, the flaw goes back to March 2001, when a hacker named Josh Buchbinder (a.k.a Sir Dystic) published code showing how the attack worked.

Symantec Research Manager Ben Greenbaum said the flaw may have at Defcon 2000, by Veracode Chief Scientist Christien Rioux (a.k.a. Dildog)

Whomever discovered the flaw, Microsoft seems to have taken an unusually long time to fix the bug.