As far as I know, IE 3.02 corrected only sending NTLM logins thru HTTP
connections, and I suppose you are talking about capturing
username/password hashes sent via SMB/CIFS (file://aaa.bbb.ccc.ddd).
I'm still downloading SP3, but after a look at the readme it looked to me that
SP3 could empower an administrator to fix such a bug by enabling the SMB
signing feature; it would not fix it at installation.
And with or without SP3, filtering routers blocking 135/137/138/139 ports
make this exploit and similar ones limited to Intranets.
| To date, Microsoft has not fixed this and similar security holes! Maybe a
| exploit code release to BUGTRAQ is in order to help speed things up.
Hasn't one exploit code been released to SAMBA-DIGEST? It captures the
password hashes, which someone could pass to l0phtcrack and similar
crackers.
Other exploits such as real-time password cracking haven't been released,
but I'm not sure if such release would make Microsoft go faster.
| By the way, I have been conversing with CERT the last 2 months, and they
| still believe that Microsoft will fix the problem and CERT does not want
| to issue an Advisory until the bug is fixed. However CERT should at least be
| notifying administrators to warn users not to use Internet Explorer until
| this bug is fixed.
I think that's why BugTraq exists.
Rubens Kuhl Jr.