January Patch Tuesday: one critical bulletin

Stephen Withers
Wednesday, 14 January 2009 03:39

Your IT - Home IT

Microsoft has delivered an easy start to 2009 for system administrators, releasing a solitary security bulletin.

Although there is only one bulletin this month, it addresses three separate vulnerabilities in Windows' implementation of the SMB (Server Message Block) protocol.

Two of the vulnerabilities could theoretically be exploited to execute remote code, while a successful exploit for the third could at worst cause the computer to restart.

That denial of service vulnerability is rated moderate for all currently supported operating systems.

One of the remote code vulnerabilities is rated critical on Windows 2000, XP and Server 2003, and moderate on Vista and Server 2008 (including Server Core installations).

The other only affects Windows 2000, XP and Server 2003, and is rated critical.

That said, Microsoft believes successful exploits of the remote code vulnerabilities are unlikely, in part because an attacker could not control the data that would be written to kernel memory.

The issues are related to the SMB update released last October to address a remote code execution vulnerability that was rated important.

Two of this month's vulnerabilities were privately disclosed to Microsoft through Tipping Point's Zero Day Initiative, a scheme that rewards researchers for ethical disclosure. The other was publicly disclosed.

While Microsoft recommends all users apply the patch, a company spokesperson said SMB servers and Domain Controllers should be prioritised as a denial of service attack on such systems would have a high impact.