Removing a vulnerability can be complicated

Regardless of the debate over whether Microsoft should have fixed the problem sooner, this article about a vulnerability that took 7 years (!) to be removed shows that doing so can be far from simple. A short excerpt:

"When this issue was first raised back in 2001, we said that we could not make changes to address this issue without negatively impacting network-based applications. And to be clear, the impact would have been to render many (or nearly all) customers’ network-based applications then inoperable. For instance, an Outlook 2000 client wouldn’t have been able to communicate with an Exchange 2000 server. We did say that customers who were concerned about this issue could use SMB signing as an effective mitigation, but, the reality was that there were similar constraints that made it infeasible for customers to implement SMB signing."


The full article on the Zero Day blog:
Why did Microsoft wait 7 years to fix SMBRelay attack flaw?