Microsoft released a single bulletin today for this month’s Patch Tuesday covering three issues in its Server Message Block (SMB) Protocol. It’s quite a change after the intense crush last month, with more than 20 fixes, and the emergency patch to fix a major Internet Explorer fault.
The single bulletin has three fixes: two are rated critical, Microsoft's highest severity rating, and one is rated important. Both critical issues, if successfully exploited, could allow for remote code execution.
The two critical flaws are buffer overflow and validation vulnerabilities in how the SMB protocol software handles specially crafted SMB packets. In both cases, the software insufficiently validates the buffer size before writing to it. Thus far, Microsoft says there have not been any attempted exploits.
The third bug is another SMB validation vulnerability that can be used to create a denial-of-service condition. It too is due to the SMB Protocol software insufficiently validating the buffer size before writing to it. Like the other two, Microsoft said it has yet to be exploited by hackers.
A critical patch
Still, security experts say not to delay. “MS09-001 is a super critical patch to install right away. This vulnerability is similar to what prompted the Blaster and Sasser worms a few years ago. We expect to see a worm released for this in the very near future,” said Eric Schultze, CTO of security firm Shavlik.
Added Roel Schouwenberg, senior antivirus researcher for Kaspersky Lab Americas, “One vulnerability allows for a Denial of Service, while the other two allow for remote code execution. In theory the vulnerabilities would allow for the creation of network worms, much like Kido aka Downadup aka Conficker. However, given the nature of the vulnerabilities it’s unlikely we’ll see a worm.”
As part of the monthly upgrade, Microsoft has updated its Malicious Software Removal Tool to recognize the Win32/Banload and Win32/Conficker families of Trojans.
Microsoft will hold a Webcast discussion on TechNet tomorrow, Wednesday the 13th at 11 a.m. Pacific Standard Time, to discuss this fix.