FYI. During the April 2010 Windows Update cycle a hot fix to the SMB redirector was pushed to Windows machines around the world. http://www.microsoft.com/technet/security/bulletin/MS10-020.mspx?pubDate=2010-04-13
What this fix does is add a validation operation on the data structures returned when an application issues the GetSecurityInfo() API. Experience has shown that failure to support this query causes many applications to crash. Therefore, the AFS SMB Server returns a null security descriptor. This descriptor is not considered valid by the new SMB validation code and the error STATUS_INVALID_NETWORK_RESPONSE is returned to the application. The failure of the API to complete results in the termination of many applications. The Windows TCL implementation is known to call this API. The hot fix is labeled "critical" because without the validator arbitrary data structures can be passed to the application that issues the query. There is no known fix for the problem that we can apply to OpenAFS at the current time. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
