Microsoft Releases Critical SMB Security Update

Microsoft issued only one critical patch for this month's Patch Tuesday. It fixes an issue that could allow remote users to launch malicious code or a denial-of-service (DoS) attack on a user's computer. The patch specifically addresses an issue with the Microsoft Server Message Block (SMB) protocol, which is used to send file information to printers and domain controllers. All versions of Windows are affected by the security hole.

"Controlling what data is overwritten is difficult. To exploit this type of kernel buffer overrun, an attacker typically needs to be able to predict the layout and contents of memory. The memory layout of the targeted machine will depend on various factors such as the physical characteristics of the system, system load and other SMB requests it is processing," Microsoft researchers said in the company's security blog.

An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008. The security update addresses the vulnerabilities by validating the fields inside the SMB packets. Microsoft recommends that all customers install the KB958687 patch immediately.
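The article says the fix validates fields inside SMB packets but does not say which ones. The C code below is an added illustration, not Microsoft's patch code and not part of the original article: it checks the two length fields of standard SMB1 framing (WordCount and ByteCount after the 32-byte header) against the bytes actually received before any payload is used. The names `smb1_validate` and `smb1_sample`, the result codes, and the choice of these two fields are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB1_HDR 32u  /* fixed SMB1 header length in bytes */
enum smb_check { SMB_OK, SMB_TOO_SHORT, SMB_BAD_MAGIC, SMB_BAD_WORDS, SMB_BAD_BYTES };

/* Check the framing of one SMB1 message in buf[0..len). On SMB_OK,
 * *data points inside buf and *data_len is safe to use as a copy length. */
enum smb_check smb1_validate(const uint8_t *buf, size_t len,
                             const uint8_t **data, size_t *data_len)
{
    static const uint8_t magic[4] = { 0xFF, 'S', 'M', 'B' };
    size_t off = SMB1_HDR, wlen, blen;
    /* The header and the 1-byte WordCount must exist before they are read. */
    if (buf == NULL || len < SMB1_HDR + 1) return SMB_TOO_SHORT;
    if (memcmp(buf, magic, sizeof magic) != 0) return SMB_BAD_MAGIC;
    wlen = (size_t)buf[off++] * 2;            /* WordCount is in 16-bit words */
    /* Compare with the bytes remaining, keeping room for 2-byte ByteCount. */
    if (len - off < 2 || wlen > len - off - 2) return SMB_BAD_WORDS;
    off += wlen;
    blen = (size_t)buf[off] | ((size_t)buf[off + 1] << 8);  /* little-endian */
    off += 2;
    if (blen > len - off) return SMB_BAD_BYTES;  /* claims more than received */
    *data = buf + off;
    *data_len = blen;
    return SMB_OK;
}

/* Constructed sample: ByteCount field = claimed, followed by `actual` bytes. */
size_t smb1_sample(uint8_t *out, uint8_t wc, uint16_t claimed, size_t actual)
{
    size_t off = SMB1_HDR + 1 + (size_t)wc * 2;  /* offset of ByteCount */
    memset(out, 0, off + 2 + actual);
    memcpy(out, "\xFFSMB", 4);
    out[SMB1_HDR] = wc;
    out[off] = (uint8_t)(claimed & 0xFF);
    out[off + 1] = (uint8_t)(claimed >> 8);
    return off + 2 + actual;
}

int main(void)
{
    uint8_t msg[64]; const uint8_t *d; size_t n;
    size_t len = smb1_sample(msg, 2, 500, 8);  /* claims 500, carries 8 */
    printf("result=%d\n", (int)smb1_validate(msg, len, &d, &n));
    return 0;
}
```

Every comparison is made against the count of bytes remaining rather than by adding an untrusted length to an offset, so a large declared length cannot wrap the arithmetic.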

More information: MS09-001 Security Bulletin