homepage Welcome to WebmasterWorld Guest from 23.22.128.96
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Microsoft / Deprecated - Microsoft Windows OS (XP/NT/Vista)
Forum Library, Charter, Moderators: bill

Deprecated - Microsoft Windows OS (XP/NT/Vista) Forum

    
Microsoft issues critical Windows patches
Patch Tuesday - September 2009
bill




msg:3986440
 4:59 am on Sep 9, 2009 (gmt 0)

September's Patch Tuesday is here with a number of vulnerabilities patched across several MS OSs (not Windows 7).

Microsoft issues critical Windows patches [news.cnet.com]

Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.

While the issues affect different versions of Windows differently, Microsoft said none of the issues apply to the final version of Windows 7, which Microsoft wrapped up in July.

The five bulletins address eight vulnerabilities. According to Symantec Security Response research manager Ben Greenbaum, the two vulnerabilities most likely to be used by attackers involve the way Windows handles ASF and MP3 media files. "We've seen similar exploits in the past and all a user would have to do is visit a compromised Web site hosting one of these malicious files, which could be an MP3, WMA or WMV file, and they could become infected."


 

BeeDeeDubbleU




msg:3986461
 5:15 am on Sep 9, 2009 (gmt 0)

Thanks for that Bill.

gn_wendy




msg:3986494
 7:15 am on Sep 9, 2009 (gmt 0)

wonder if/when they want to address this issue:


I. VULNERABILITY
-------------------------
Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

III. DESCRIPTION
-------------------------
SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionnality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it's used to identify the SMB dialect that will be used for futher communication.

V. BUSINESS IMPACT
-------------------------
An attacker can remotly crash any Vista/Windows 7 machine with SMB enable.
Windows Xp, 2k, are NOT affected as they dont have this driver.

VI. SYSTEMS AFFECTED
-------------------------
Windows Vista/7 All (64b/32b�SP1/SP2 fully updated) and possibly Win Server 2008
as it use the same SMB2.0 driver (but not tested).

<added> Apparently from [lists.grok.org.uk...]

[edited by: bill at 7:35 am (utc) on Sep. 9, 2009]
[edit reason] Added link to source [/edit]

bill




msg:3986504
 7:41 am on Sep 9, 2009 (gmt 0)

You neglected to quote this part:
- Release date: September 7th, 2009
or this part:
VII. SOLUTION
-------------------------
Vendor contacted, but no patch available for the moment.
Close SMB feature and ports, until a patch is provided.

I'd assume that means it is in process as MS has been notified, and 1 day notice wasn't long enough to allow MS to make the patch, test it and have it in a form that was ready to release. If it becomes an actively exploited hole you can bet that MS will escalate it.

Keep in mind that Windows 7, while having reached RTM, isn't being sold publicly yet. That might shift the priority for this patch a little.

bill




msg:3987088
 3:58 am on Sep 10, 2009 (gmt 0)

I looked at the SMB vulnerability a bit more, and that is a zero-day vulnerability. Microsoft has released Security Advisory (975497) [microsoft.com]: Vulnerabilities in SMB Could Allow Remote Code Execution

This affects SMB sharing technology in Vista, Windows Server 2008, and Windows 7. In Windows 7 this is not a problem in the RTM, but it is a problem in the RC version of Windows 7. Beware.

The suggestion is that a firewall on your PC or network should protect you from this vulnerability until a patch is made available.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Deprecated - Microsoft Windows OS (XP/NT/Vista)
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved