In 2001, when Schultze worked on the SMB relay attack problem, it was impossible to patch. "Chris [Budd] may be embellishing it a little, saying that applications would break, but essentially, yes, it was too difficult to fix," said Schultze. "At that point, the IE team was pointing to the OS team and the OS team was pointing at the IE team."
So why fix it now?
"It looks like Microsoft has been noodling on this for a while, and they came up with a way to solve the problem," Schultze said. "We probably could have solved it back then if we'd had a few months to noodle on it."
Microsoft may have been prompted to act by the appearance earlier this year of an SMB relay attack module for the popular open-source Metasploit penetration and attack framework, argued Schultze. "It looks like exploit code came out in the last four or five months," he said, which made it easier for someone to create the Metasploit module.
"And Microsoft has a different security point now than 2001," Schultze added, referring to the increased emphasis that the company's put into security since before the 2004 debut of Windows XP Service Pack 2 (SP2). "I'm kind of bummed, though," he said. "I'm glad the [SMB relay attack] bug has been fixed, but I'm bummed that I didn't get to fix it."