I hold WinXP users at fault for any problems they are having. It's clearly an unsupported and insecure operating system.
The issue I'm addressing is not one of individual patches. I applaud Microsoft for keeping their system patched in a timely manner.
What I'm taking issue with is that these types of exploits are allowed to happen at all. The OS could be designed to prevent this type of exploit from either happening, or at least significantly mitigating the damage. Until this underlying flaw is addressed, we'll continue to see these attacks.
So, I see this argument being equivalent to saying websites shouldn't allow 3rd party ads because those ads can be used to drop malware. Websites shouldn't allow for iframes because an XSS could drop an iframe that drops ransomware via drive-by attack. In this regard, Microsoft should also be held responsible for allowing VB scripts to be linked in a Word document because those are also common methods of malware dissemination.
Is that your line of thinking?
In a way, yes. We must be designing software assuming that these vectors will be used to attack a system. As you correctly show, this isn't a problem limited to just Microsoft. It's a design issue that all projects face. We continue to use designs that do not adequately protect our systems from attacks.
Websites allowing 3rd party ads is one particular thing that is a security/privacy issue. I mentioned this in another article of mine: mortoray.com/2017/05/02/fix-your-c...
The underlying flaw(s) in this case have been mitigated. The current SMB protocol is versions ahead of what was exploited here - the problem is that MS has to keep backwards compatibility for products / clients running older software. The onus is on the consumer to stay up-to-date.