Welcome to WebmasterWorld Guest from 54.226.194.180

Forum Moderators: bill

Message Too Old, No Replies

Microsoft issues critical Windows patches

Patch Tuesday - September 2009

     

bill

4:59 am on Sep 9, 2009 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



September's Patch Tuesday is here with a number of vulnerabilities patched across several MS OSs (not Windows 7).

Microsoft issues critical Windows patches [news.cnet.com]

Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.

While the issues affect different versions of Windows differently, Microsoft said none of the issues apply to the final version of Windows 7, which Microsoft wrapped up in July.

The five bulletins address eight vulnerabilities. According to Symantec Security Response research manager Ben Greenbaum, the two vulnerabilities most likely to be used by attackers involve the way Windows handles ASF and MP3 media files. "We've seen similar exploits in the past and all a user would have to do is visit a compromised Web site hosting one of these malicious files, which could be an MP3, WMA or WMV file, and they could become infected."

BeeDeeDubbleU

5:15 am on Sep 9, 2009 (gmt 0)

WebmasterWorld Senior Member beedeedubbleu is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Thanks for that Bill.

gn_wendy

7:15 am on Sep 9, 2009 (gmt 0)

5+ Year Member



wonder if/when they want to address this issue:


I. VULNERABILITY
-------------------------
Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

III. DESCRIPTION
-------------------------
SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionnality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it's used to identify the SMB dialect that will be used for futher communication.

V. BUSINESS IMPACT
-------------------------
An attacker can remotly crash any Vista/Windows 7 machine with SMB enable.
Windows Xp, 2k, are NOT affected as they dont have this driver.

VI. SYSTEMS AFFECTED
-------------------------
Windows Vista/7 All (64b/32b�SP1/SP2 fully updated) and possibly Win Server 2008
as it use the same SMB2.0 driver (but not tested).

<added> Apparently from [lists.grok.org.uk...]

[edited by: bill at 7:35 am (utc) on Sep. 9, 2009]
[edit reason] Added link to source [/edit]

bill

7:41 am on Sep 9, 2009 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



You neglected to quote this part:
- Release date: September 7th, 2009
or this part:
VII. SOLUTION
-------------------------
Vendor contacted, but no patch available for the moment.
Close SMB feature and ports, until a patch is provided.

I'd assume that means it is in process as MS has been notified, and 1 day notice wasn't long enough to allow MS to make the patch, test it and have it in a form that was ready to release. If it becomes an actively exploited hole you can bet that MS will escalate it.

Keep in mind that Windows 7, while having reached RTM, isn't being sold publicly yet. That might shift the priority for this patch a little.

bill

3:58 am on Sep 10, 2009 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



I looked at the SMB vulnerability a bit more, and that is a zero-day vulnerability. Microsoft has released Security Advisory (975497) [microsoft.com]: Vulnerabilities in SMB Could Allow Remote Code Execution

This affects SMB sharing technology in Vista, Windows Server 2008, and Windows 7. In Windows 7 this is not a problem in the RTM, but it is a problem in the RC version of Windows 7. Beware.

The suggestion is that a firewall on your PC or network should protect you from this vulnerability until a patch is made available.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month