IT professionals are having a long day today as Microsoft fixed the most vulnerabilities in a single Patch Tuesday since it began its monthly patching cycle.
The company released a dozen security bulletins that addressed 23 vulnerabilities. According to security researchers, most organizations will need to pay attention to the vulnerabilities fixed in this latest round because of the range and severity of the flaws.
"This was definitely a bigger batch compared to previous month's releases," said Amol Sarwate, director of the Qualys vulnerability research lab. "This is the first time we are seeing such a broad range of issues into all of this. They affect the core TCP/IP layer, the networking layer, the operating system kernel, the host system in Windows, Visual Basic, PowerPoint. This is the first release that basically touches all of the aspects of the operating system."
Sarwate was most concerned by the Server Service vulnerabilities addressed in one of the patches, which can be exploited without any action from a victim, making them ripe for a worm or other problems. Microsoft ranked this patch as critical.
"If you have file and print sharing turned on, an attacker can remotely send packets and traffic which will cause denial of service or such issues," he said.
Neel Mehta of X-Force, the research division of Internet Security Systems, agreed that this vulnerability poses significant risk across Windows' user base, because of how easy it is to exploit and how prevalent the Server Service is.
"It is a default service that is used on virtually every Windows system out there," he said. "The vulnerability is actually a class of vulnerabilities that are quite simple to exploit. The last one we saw was exploited by the Zotob worm. It has been about a year since we've seen a vulnerability that was similar in scope and we're concerned that it might be exploited as part of a worm, so we're watching for that right now."
Mehta also warned enterprises to prioritize patching for the vulnerability in DNS resolution that was also ranked as critical by Microsoft. X-Force helped to bring attention to this vulnerability, which affects Windows' mechanism for receiving responses to domain name queries.
"A potential scenario might work such that you attempt to go to a website, your machine goes out to look up the domain name for the website and receives an invalid response that is especially crafted to trigger a buffer overflow on your system and then compromise your system," he said.
Many of the other patches released today address flaws in client-side services that require user intervention to be exploited, Sarwate said.
"This is just the continuation of the trend in the growing number of client-side issues that we have been observing from early this year," he said.
He warned administrators that, in addition to prioritizing patching, they should also focus on user education to get users to stop opening attachments from unknown sources. His colleague, Jonathan Bitle, manager of technical accounts for Qualys, agreed.
"User education is something that we see is sorely lacking," Bitle said. "People have a tendency to over-rely on patches to address all of the issues that they are facing from a security perspective."