One bulletin is rated "critical" and two are rated "important."
MS09-006 ("critical") resolves a vulnerability in the Windows kernel. The flaw could allow remote code execution if a user views a maliciously crafted EMF or WMF image file.
MS09-007 ("important") addresses a vulnerability in the Secure Channel (SChannel) security package in Windows. If exploited, it could allow spoofing, provided the attacker gains access to an end-user authentication certificate.
MS09-008 ("important") fixes vulnerabilities in the Windows DNS server and Windows WINS server. If exploited, these vulnerabilities could allow network traffic hijacking.
John Moyer, CEO of BeyondTrust, said in an e-mail that organizations should be particularly vigilant about malware attempting to exploit the Excel vulnerability given that Excel is used more frequently during tax season.
Alfred Huger, VP of development at Symantec Security Response, warned in an e-mail that the Windows kernel vulnerability could allow an attacker to take over a victim's computer using an HTML e-mail or an e-mail attachment containing a .WMF or .EMF image file. He added that being on the lookout for these lesser-known file types may not help since it's possible to disguise .WMF and .EMF files as more common image formats like .JPG.
Eric Schultze, CTO of Shavlik Technologies, said in an e-mail that MS09-006 follows a long line of image vulnerabilities. "The flaw actually resides in the Windows kernel -- but is only exploited when managing the malformed pictures," he said. "All that the attacker needs to do is encourage a victim to view a specially formatted image and the attacker can run code on the victim's system. The evil code will execute with system privileges -- even if the user wasn't logged on as an administrator."
"MS09-006 is going to be a huge undertaking," said Paul Henry, security forensic analyst at Lumension, in an e-mail. "The broad platform impact of the bulletin suggests that core services of the Windows operating system are to be modified, rather than isolated application components. When working on the core infrastructure, it opens up other applications to potential risk, making a simple patch deployment impossible. To make sure this is secure, IT departments will have to reboot all Windows machines in the entire enterprise."
Is your vulnerability management program ready for 2009? You can't protect everything, so the key is to focus to reduce exposure. Download the report here.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.