Tuesday, January 13, 2009

Microsoft SMB patch addresses 3 flaws

Today Microsoft issued a patch that resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol, a protocol used for sharing files, printers, serial ports, and other communications.

MS09-001 is rated by Microsoft as critical, its highest rating, for users running Windows 2000, XP, and Server 2003, and moderate, its second highest rating, for users running Windows Vista and Server 2008. It replaces the SMB patch MS08-063 issued last October. Installation of the patch will require a system restart.

Microsoft says that although three flaws are addressed, they are unlikely to produce exploitable code: the first two (CVE-2008-4834 and CVE-2008-4835) allow only one fixed value (zero) to be written, and controlling what data is overwritten will also be difficult. The third vulnerability (CVE-2008-4114) affects all Windows systems and allows for a denial-of-service attack.

Today's patch is the only one in Microsoft's January 2009 Patch Tuesday release. It may be obtained from Windows Update or via the bulletin itself.
