blech:
2008-06-25 - Vulnerability reported to vendor
2009-01-13 - Coordinated public release of advisory
-- ME2

On Tue, Jan 13, 2009 at 2:31 PM, Todd Lemmiksoo <tlemmik...@all-mode.com> wrote:
> FYI......Todd
> ________________________________
> From: activedir-ow...@mail.activedir.org [mailto:activedir-ow...@mail.activedir.org] On Behalf Of joe
> Sent: Tuesday, January 13, 2009 1:19 PM
> To: active...@mail.activedir.org
> Subject: [ActiveDir] MS09-001 - Get to patching folks!
>
> http://www.microsoft.com/technet/security/bulletin/ms09-jan.mspx
>
> Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
>
> This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
>
> "While this is a remote code execution vulnerability, functioning exploit code is unlikely."
>
> http://blogs.technet.com/swi/archive/2009/01/09/ms09-001-prioritizing-the-deployment-of-the-smb-bulletin.aspx
>
> For all affected versions of Windows, the two RCE vulnerabilities are unlikely to result in functioning exploit code as stated in the exploitability index (http://technet.microsoft.com/en-us/security/cc998259.aspx). There are a few reasons for this:
>
> The vulnerabilities cause a fixed value (zero) to be written to kernel memory, not data that the attacker controls.
> Controlling what data is overwritten is difficult. To exploit this type of kernel buffer overrun, an attacker typically needs to be able to predict the layout and contents of memory. The memory layout of the targeted machine will depend on various factors such as the physical characteristics (RAM, CPUs) of the system, system load, other SMB requests it is processing, etc.
>
> In terms of prioritizing the deployment of this update, we recommend updating SMB servers and Domain Controllers immediately since a system DoS would have a high impact. Other configurations should be assessed based on the role of the machine. For example, non-critical workstations could be considered lower priority assuming a system DoS is an acceptable risk. Systems with SMB blocked at the host firewall could also be updated more slowly.
>
> --
> O'Reilly Active Directory Fourth Edition - http://www.joeware.net/win/ad4e.htm
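The prioritisation rule quoted above (SMB servers and DCs first, host-firewalled and non-critical workstations later) is easy to turn into a triage script. The following is an added example written for this page, not code from the thread, Microsoft or the SWI blog. It assumes WMI access to the target hosts, that KB958687 is the hotfix ID the update registers under (the bulletin number, taken from the quoted text), and that the operator passes in the list of hosts where SMB is blocked at the host firewall, since detecting that reliably differs by Windows version. The function name, parameters and "Immediate/Normal/Low/Slow" labels are this example's own.

```powershell
# Added example: rank hosts for MS09-001 (KB958687) deployment using the
# role-based guidance quoted in the thread. Not the project's own code.
function Get-Ms09001Priority {
    param(
        [Parameter(Mandatory = $true)]
        [string[]] $ComputerName,
        # Hosts where TCP 445/139 are blocked at the host firewall.
        # Assumption: supplied by the operator, not auto-detected here.
        [string[]] $SmbBlockedAtHostFirewall = @(),
        # $true if a kernel DoS of a non-critical workstation is acceptable risk.
        [bool] $WorkstationDoSAcceptable = $false
    )

    foreach ($c in $ComputerName) {
        # Is the update already present? Win32_QuickFixEngineering lists hotfixes.
        $fix = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $c `
                             -Filter "HotFixID='KB958687'" -ErrorAction SilentlyContinue
        $patched = ($null -ne $fix)

        # Win32_ComputerSystem.DomainRole: 0/1 workstation, 2/3 server,
        # 4 backup DC, 5 primary DC.
        $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $c -ErrorAction Stop
        $role = switch ($cs.DomainRole) {
            { $_ -ge 4 }              { 'DomainController' }
            { $_ -eq 2 -or $_ -eq 3 } { 'Server' }
            default                   { 'Workstation' }
        }

        # "SMB server" here means: exposes at least one non-administrative disk
        # share (Win32_Share Type 0 = disk share; admin shares use a different Type).
        $shares = @(Get-WmiObject -Class Win32_Share -ComputerName $c `
                                  -Filter "Type=0" -ErrorAction SilentlyContinue)
        $isSmbServer = $shares.Count -gt 0

        $smbBlocked = $SmbBlockedAtHostFirewall -contains $c

        $priority =
            if ($patched)                                       { 'Done' }
            elseif ($role -eq 'DomainController' -or $isSmbServer) { 'Immediate' }
            elseif ($smbBlocked)                                { 'Slow' }
            elseif ($role -eq 'Workstation' -and $WorkstationDoSAcceptable) { 'Low' }
            else                                                { 'Normal' }

        New-Object PSObject -Property @{
            ComputerName = $c
            Role         = $role
            SmbServer    = $isSmbServer
            SmbBlocked   = $smbBlocked
            Patched      = $patched
            Priority     = $priority
        }
    }
}

# Usage (host names are placeholders):
# Get-Ms09001Priority -ComputerName 'dc01','fs01','ws17' `
#     -SmbBlockedAtHostFirewall 'ws17' -WorkstationDoSAcceptable $true |
#     Sort-Object Priority | Format-Table ComputerName, Role, SmbServer, Patched, Priority
```

Two caveats for anyone adapting this: a member server with only administrative shares still runs the SMB server service and can still be crashed, so treat "SmbServer = False" as "lower blast radius", not "not affected"; and the host-firewall list is an input you assert, so verify it against the actual rule set rather than trusting a CMDB.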