Microsoft Security Patch Was Seven Years in the Making
Robert McMillan writes on PC World:
Some security patches take time.More here.
Seven-and-a-half years, in fact, if you count the time it's taken Microsoft to patch a security issue in its SMB (Server Message Block) service, fixed Tuesday. This software is used by Windows to share files and print documents over a network.
In a blog posting, Microsoft acknowledged that "Public tools, including a Metasploit module, are available to perform this attack." Metasploit is an open-source toolkit used by hackers and security professionals to build attack code.
According to Metasploit, the flaw goes back to March 2001, when a hacker named Josh Buchbinder (a.k.a Sir Dystic) published code showing how the attack worked.