Safari fixes and SMB vulnerability (Update)

apple_1Apple just released their web browser Safari in version 4.0.4 – both for Mac OS X and for Windows. Previous versions have some serious security vulnerabilities which can lead to remote code execution, crashes or to information disclosure, for example. More details can be found in Apples security advisory.

microsoft_logoJust after the November patchday this week new reports about an issue with Microsofts SMB implementation in Windows 7 and Windows Server 2008 popped up. Rob VandenBrink of the Internet Storm Center took the publicly available exploit code, fixed a line of code – et voilà, a machine with Windows 7 or Server 2008 connecting to this faked server instantly freezes. There are no reports yet about Microsoft investigating this issue.

Update: Microsoft has released a security advisory this weekend where the company explains that it investigates the reports and is preparing a patch.

Dirk Knop
Technical Editor