Update the description and references to reflect (hah) MS08-068

git-svn-id: file:///home/svn/framework3/trunk@5890 4d416f70-5f16-0410-b530-b9f4589650da

modules/exploits/windows/smb/smb_relay.rb

@@ -53,6 +53,13 @@ class Metasploit3 < Msf::Exploit::Remote
 			The SMB authentication relay attack was first reported by Sir Dystic on
 			March 31st, 2001 at @lanta.con in Atlanta, Georgia.
 			
+			On November 11th 2008 Microsoft released bulletin MS08-068. This bulletin
+			includes a patch which prevents the relaying of challenge keys back to 
+			the host which issued them, preventing this exploit from working in
+			the default configuration. It is still possible to set the SMBHOST
+			parameter to a third-party host that the victim is authorized to access,
+			but the "reflection" attack has been effectively broken.
+			
 			},
 			'Author'         => 
 				[ 
@@ -73,6 +80,9 @@ class Metasploit3 < Msf::Exploit::Remote
 				},
 			'References'     =>
 				[
+					[ 'MSB', 'MS08-068'],
+					[ 'CVE', '2008-4037'],
+					[ 'URL', 'http://blogs.technet.com/swi/archive/2008/11/11/smb-credential-reflection.aspx'],
 					[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ],
 					[ 'URL', 'http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx' ],					
 					[ 'URL', 'http://www.xfocus.net/articles/200305/smbrelay.html' ]