Patch Tuesday: Microsoft fixes SMB protocol flaw

Tuesday's security update from Microsoft fixes three related vulnerabilities that affect the way the company's Server Message Block (SMB) Protocol software handles SMB packets.

Exploitation does not appear to require authentication, so an attacker could exploit the vulnerabilities remotely by sending a network message to a computer running the Windows Server service.

This security update, the only one released by Microsoft as part of its monthly patch batch, is rated "critical" for Windows 2000, XP, and 2003, and "moderate" for Vista and Server 2008.

The flaws could be exploited to install malicious programs; view, change or delete data; or create new, privileged accounts, according to the Microsoft bulletin.

The security update addresses the bugs by validating the fields inside the SMB packets. Microsoft recommends that customers apply the update immediately.

“Such vulnerabilities are very difficult to exploit – not impossible – but difficult, given that they are at the kernel level,” Alfred Huger, vice president of development at Symantec Security Response, told SCMagazineUS.com on Tuesday. “The kernel is finicky. Often, attempts to exploit it more often than not will lead to a blue screen, rather than successful exploitation.”

In a comment emailed to SCMagazineUS.com, Shavlik Technologies' CTO Eric Schultze said: “This vulnerability is similar to what prompted the Blaster and Sasser worms a few years ago. We expect to see a worm released for this in the very near future.”

He added: “The only prerequisite for this attack to be successful is a connection from the attacker to the victim over the NetBIOS (file and printer-sharing) ports (TCP 139 or 445). By default, most computers have these ports turned on.”

That is, even though the ports are usually blocked on internet firewalls and personal firewalls, they are typically left open in a corporate network. 

“If a worm is released, and that worm makes it into a corporate network, it will make Swiss cheese of that network relatively quickly,” Schultze said.
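A worm spreading over TCP 139/445 inside a corporate network shows up as one host opening SMB connections to many distinct internal peers in a short time. The detection sketch below is an added example, not from the article or Microsoft's bulletin; the flow-record format, window length and threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}      # the ports named in the article
WINDOW_SECONDS = 60         # assumption: sliding window length
FANOUT_THRESHOLD = 5        # assumption: distinct peers before alerting

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
1000 10.0.0.5 10.0.0.20 445 tcp
1010 10.0.0.66 10.0.0.1 445 tcp
1011 10.0.0.66 10.0.0.2 445 tcp
1012 10.0.0.66 10.0.0.3 139 tcp
1013 10.0.0.66 10.0.0.4 445 tcp
1014 10.0.0.66 10.0.0.5 445 tcp
1015 10.0.0.66 10.0.0.6 445 tcp
1020 10.0.0.7 10.0.0.20 445 tcp
1100 10.0.0.7 10.0.0.21 445 tcp
1200 10.0.0.7 10.0.0.22 445 tcp
1201 10.0.0.66 10.0.0.9 80 tcp
garbage line here
"""

def parse_flows(text):
    """Yield (ts, src, dst, port) for well-formed TCP records; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4].lower() != "tcp":
            continue
        try:
            ts, port = int(parts[0]), int(parts[3])
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
        except ValueError:
            continue
        yield ts, src, dst, port

def smb_fanout_alerts(flows, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Map each source at or over threshold to its peak count of distinct internal SMB peers in one window."""
    recent = defaultdict(list)   # src -> [(ts, dst)] still inside the window
    peak = defaultdict(int)
    for ts, src, dst, port in sorted(flows, key=lambda f: f[0]):
        if port not in SMB_PORTS or not (src.is_private and dst.is_private):
            continue
        recent[src] = [(t, d) for t, d in recent[src] if ts - t < window]
        recent[src].append((ts, dst))
        peak[src] = max(peak[src], len({d for _, d in recent[src]}))
    return {str(s): n for s, n in peak.items() if n >= threshold}
```

On the sample, only 10.0.0.66 is flagged: 10.0.0.7 reaches three SMB peers but spread over minutes, and 10.0.0.5 talks to a single file server.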
