RealTime IT News

First 'Patch Tuesday' of 2008 Proves Modest

Microsoft's first "Patch Tuesday" of 2008 was fairly unexceptional as the company's monthly vulnerability fixes go, focusing on two security bulletins, only one of which is labeled "Critical," the most severe category.

The Critical bulletin, MS08-001, warns of two separate vulnerabilities in the TCP/IP stack used in all versions of Windows.

According to the bulletin, an attacker exploiting the holes could take complete control of an affected system, install new applications, change or delete data or create new accounts with full user rights.

Don Leatham, director of business development for Lumension Security, formerly PatchLink, said this is a fairly serious vulnerability. "The critical patch deals with remote code execution and the vulnerability is at the kernel level," he wrote in an e-mail to InternetNews.com. "This means that if someone exploits the vulnerability, they could take complete, unlimited control of a machine."

Leatham said one of the methods that could be used to exploit this vulnerability might be video or audio streams such as IP-based teleconferencing or streaming media.

"We suggest that organizations block IP multicasting at the perimeter firewall and the Vista firewall (which is not an option in XP) while testing and rolling out the patch ASAP," he wrote.

The second fix, MS08-002, is labeled "important" -- less severe, but still a vulnerability that users and admins should address promptly.

The bulletin addresses a problem in the Windows Local Security Authority Subsystem Service (LSASS), which would allow an attacker to run arbitrary code with elevated privileges and take complete control of an affected system.

"We strongly recommend that administrators test and deploy both patches as quickly as possible," Leatham said.

Microsoft also issued Security Advisory 943411, detailing an update to the Windows Vista Sidebar that offers new protections against malicious widgets inadvertently installed in the Vista Sidebar.

Additionally, as is tradition, Microsoft updated its Malicious Software Removal Tool, this time to recognize the Win32/Cutwail family of Trojans.

Microsoft will hold its usual Webcast to discuss the fixes tomorrow at 11 a.m. Pacific time.