Windows: Unsafe at any speed?

Microsoft has issued an emergency patch for Windows (again). Is it time to finally trade in that old clunker for something that works? Cringely has a few thoughts.

Ever have one of those old jalopies you just can't seem to get rid of? It chugs along, but the wheels keep coming off, the transmission's making a disturbing ka-thunka-thunka noise, and there's a viscous oily substance oozing from the crankcase? Yet its creators keep telling you that it just needs a little wax job and everything will be fine. No, I'm not talking about the McCain campaign; I'm talking about Windows and its latest emergency patch, issued yesterday more than two weeks ahead of the usual Patch Tuesday release.

Something has apparently gone terribly wrong with the network file and print sharing services for Windows XP, 2000, and Server 2003. (The flaw also affects Vista and Server 2008, but less severely.) Microsoft is not only issuing an out-of-cycle patch for the first time since April 2007, it's fixing a critical flaw that hasn't been reported by any of the usual suspects in the security community. So it must be HUGE.

Per BetaNews:

...the list of services that could be affected by this latest hole, is astounding. Most importantly, anything that relies on Server Message Block (SMB) including the Common Internet File System (CIFS), any kind of file or print sharing, remote group policy enforcement, the print spooler, the indexing service, and network logon -- all of these are among the items impacted by a potential hijacking of the Server service. Essentially, anything that need[s] sharing or to be shared goes through the SMB protocol, which is managed by the Server service.

As IDG's Bob McMillan reports, security wonks needed just two hours to come up with code that could exploit the flaw using that old hacker chestnut, the stack overflow exploit.

There was a time when Microsoft would sit on this sort of thing for weeks, waiting for an exploit to occur. So give them credit for being proactive. Still, it's kind of like GM issuing a warning saying your Chevy's engine may suddenly explode when you hit 60 mph, so you might want to bring it in for a tuneup.

Is it finally time to trade in that old jalopy for something you can rely on? And if so, what would it be? Post your thoughts below or e-mail me direct: cringe (at) infoworld (dot) com.

Think you've got the right stuff to pass our tech quizzes? They're not as easy as they look:

The InfoWorld News Quiz

Test Your Geek IQ

Test Your Network Security IQ


Copyright © 2008 IDG Communications, Inc.