Microsoft Security Patch Was Seven Years in the Making

Some security patches take time. Seven-and-a-half years, in fact, if you count the time it's taken Microsoft to patch a security issue in its SMB (Server Message Block) service, fixed Tuesday.

This software is used by Windows to share files and print documents over a network. In a blog posting, Microsoft acknowledged that "Public tools, including a Metasploit module, are available to perform this attack." Metasploit is an open-source toolkit used by hackers and security professionals to build attack code.

According to Metasploit, the flaw goes back to March 2001, when a hacker named Josh Buchbinder (a.k.a Sir Dystic) published code showing how the attack worked.