Microsoft Patches Address Slew of Vulnerabilities - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Microsoft Patches Address Slew of Vulnerabilities

The company released its largest group of security patches in nearly a year. Among them is a vulnerability that one security vendor claims will likely lead to the biggest, baddest worm since mid-2003.

Microsoft Tuesday released its largest group of security patches in nearly a year as it posted 12 security bulletins encompassing 16 vulnerabilities, 10 of which it marked "Critical," its highest warning.

Among them is a vulnerability that will likely lead to the biggest, baddest worm since mid-2003, said Mike Murray, the director of research at vulnerability management vendor nCircle.

"There's a clear 'winner' here," said Murray. " MS05-011 fixes a vulnerability in SMB [Server Message Block], which is running on every version of Microsoft's operating systems that a corporation might be using. And it's exploitable remotely, so it doesn't rely on an e-mail or getting someone to a Web site. All the attacker has to do is send a properly-formatted packet and he'll break in.

"It's been a while since we've seen a vulnerability this widespread. This could easily lead to the biggest exploit in over a year," said Murray. "I'd put this in the same class as the vulnerability that led to [2003's] MSBlast. It's serious."

SMB is the standard protocol that Windows uses to share files, printers, and serial ports, and to communicate between computers, particularly between servers and client desktops. A specially-crafted SMB packet sent to a vulnerable PC could, said Microsoft, let an attacker "take complete control of the affected system."

The extent of February's regularly-scheduled patch release was expected, but still difficult to digest at first glance.

Nine of the bulletins impacted various versions of Windows to one extent or another, one each dealt with .Net Framework, SharePoint Services, Windows Media Player/MSN Messenger, and the perennial visitor to the patch process, Internet Explorer. Two revolved around Microsoft Office. (Some of those affecting Windows also affected other components, such as Office or SharePoint, the reason for the count difference.) More than half the bulletins tapped Windows XP Service Pack 2 (SP2) as vulnerable. SP2, Microsoft's massive security update that debuted in October, 2004, was then touted by the Redmond, Wash.-based developer as its biggest security-centric upgrade ever.

The eight bulletins and 10 vulnerabilities marked Critical could all be used by attackers to execute code remotely -- usually only after the user did something, such as visit a malicious Web site or click on a link within an e-mail -- or create a buffer overflow that could then be used to gain control of a machine.

Some of the fixes were more or less expected, said Murray, who noted that they corrected known, if not actually exploited, bugs. fit MS05-009, fit that bill, for it patched three vulnerabilities in Windows Media Player 9 and various versions of Microsoft's instant messenger against image-based exploits using PNG-formatted files. Another vulnerability in Media Player 10 and its implementation of digital rights management technologies, however, was not fixed in this month's round of patches.

MS05-012, on the other hand, affected an astonishing array -- 33 by our count -- of Microsoft's operating systems and applications, ranging from Windows XP SP2 to Office XP and Office 2003, and every supported version of Exchange Server since 5.0. This bulletin corrected a problem in processing COM structured storage files, and how they handled OLE (Object Linking and Embedding) input.

Internet Explorer hardly ever goes untouched in a monthly roll-out of patches, and February was no exception. MS05-014, fixed four IE flaws, including a drag-and-drop bug that hackers and phishers have already exploited to plant malicious code and spyware on users' PCs.

But Murray kept coming back to the SMB vulnerability as the big daddy of February.

"Every machine that has ports 139 and 445 open is at risk, and those ports are open on every standard Window box," he said. "Every Windows box is vulnerable."

Although nCircle had only begun its analysis by mid-afternoon Tuesday EST and had not yet determined how easy or difficult it would be to write an exploit for this, Murray noted that SMB is one of the best documented protocols. "SMB is pretty well known by everybody," he said.

His advice? Patch fast.

"I think someone will break [this vulnerability] in the next couple of days, and we'll see a wormable exploit within a week."

Tuesday's patches can be obtained through the usual channels: the Windows Update and Office Update services, or direct download from the Microsoft Web site.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll