Microsoft is blaming human error for the critical SMB v2 vulnerability that exposed Windows users to remote code execution attacks. Redmond security guru Michael Howard argues that it's nearly impossible to catch these types of bugs with existing code review tools and techniques. The company detected the vulnerable code very late in the Windows 7 development process but argued that there are no static analysis tools or SDL requirements that would spot this type of human error. Howard did not explain why the fix was not back-ported to Windows Vista and other vulnerable versions.
Source: https://threatpost.com/microsoft-blames-human-error-critical-smb2-vulnerability-101909/72341/

