Tag: could allow remote code execution

Microsoft issues 1 Major update 1-13-09

Paul

Well it has been release Microsoft issued an update to the system:

[ad#ad2-right]

Vulnerabilities in SMB Could Allow Remote Code Execution

Microsoft Security Bulletin MS09-001 – Critical (KB958687)

This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

This is one of those updates you really need to install as soon as you can.   You should also get a free firewall or buy one.  I looks to be a vulnerability in the ports and if you’d have a firewall besides windows you should be safe but that is besides the point.   If you are security congenious then you should install this update ASAP.  If your worried this will effect you system then you will need to backup your system before you do this update.  If you feel you’ve might of been infected with this Vulnerability you could always go get a free antivirus program and scan your system.  This is the sure way of fighting a Virus and making sure your safe, although people argue that Paid virus programs are quicker to be updated with virus databases, it’s all in the matter of preferences.

Patch list for Patch Tuesday January 2009

Paul

I just got the update of what will be patched and what will I expect to be patched, Here is my list of what will be coming on Patch Tuesday, January 13, 2009:

  • [ad#ad2-right]Update for Windows Mail Junk E-mail Filter [January 2009] (KB905866) — Keeps those junk emails from getting into your system.

  • Windows Malicious Software Removal Tool – January 2009 (KB890830) — This is a usual thing for Microsoft and should not be messed with.

  • Windows XP Service Pack 3 (KB936929) — Changes made to the were made for the Metadata but nothing else.

  • Critical update — Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2,  Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2,Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems.

  • Moderate Update — Windows Vista and Windows Vista Service Pack 1,Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for Itanium-based Systems.  (Windows Server 2008 Core Installation affected)

These were the only I could find that I expect to be deployed on the next windows updates.  I expect the really bad updates they are going to wait till last minute to tell anyone.  When they become available I’ll let you know which ones and how quickly they need to be installed.

The Cricitcal and Moderate Update for Microsoft are the same but since the NT Kernal is used for Vista and the Servers it isn’t affected as bad as the Window’s Kernal.   I would guess it will be a core installation program that would be the culprit and Microsoft is going to patch it.   I won’t find out about it till Tuesday but Microsoft has said it will only be a few updates so that is good.  We will have to wait and see!!

Microsoft Knows about the SQL Bug — KB961040

Paul

Microsoft confirmed some information about the this little SQl bug and issued a Statement in an Security Advisory 961040 and in it Microsoft said:

Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue.

[via Microsoft Technet]

[ad#ad2-left-1]One researcher, a Bernhard Mueller, is claiming that Microsoft has the patch available and ready to patch this bug.  According to him Microsoft this patch is done and isn’t scheduled to be release yet.  I don’t know when they will patch this but if Techworld is right it will be an out of cycle patch.   I am sure that if Microsoft does release it in cycle then it will be this coming patch cycle.  January 13, 2009 is the next cycle of patches for Microsoft and should be available at 10pm PST time. If Microsoft doesn’t release the patch soon they will undoubtedly wait till Patch Tuesday.  In my previous article I talked about this to a point the workaround so if you are using an SQL server you need to do this work around.

New Vulnebility in the SQL Server

Paul

Microsoft as Issued a warning on a new Vulnerability for:

Microsoft Security Advisory (KB961040)

[ad#ad2-right]Vulnerability in SQL Server Could Allow Remote Code Execution

Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue.

[Via Technet]

[ad#ad2-left]The workaround for the people who use the servers are to deny access to  sp_replwritetovarbin and only should be done by system admins.   Microsoft will probably issue a patch on the next coming next Patch Tuesday unless they hear of anything in the wild.  This does not look to affect anyone who uses Windows XP Home edition or Vista Home  edition just people who has a Microsoft server and use SQL.  It also seem to be CVE-2008-4270 in the Common Vulnerabilities and Exposure database.  If I find out more I’ll let you know.

The Important Windows patches Released Today

Paul

As many of you know we talked about the Non-critical patches that Microsoft will release today.  IF you want to read those please go and check it out.   I’ll be talking about the REALLY important ones that Microsoft has kept tight until now.    These are the more important ones but I will list the ones that I previous talked about to better help people recognize the non-important ones:

[ad#ad2-right]

  • KB955839

  • KB957388

  • KB890830

  • KB905866

    • These are just the tip of the iceberg. although this list are not A lot.  I’d wanted to let people know about what people coin “Exploit Wednesday“.  I really don’t know if this is a Myth or actually does exist but I’d figure we discuss the problems associated with installing the critical updates and try to tell you which ones should be installed As soon as possible.  Though people have in the past used a Virtual Machine to see if there is any problem, that should be your first step if you don’t want to have any problems with these updates.  I don’t suggest testing it more than a couple days.  Here are some good Virtual Machine software to try out yourself:

    Here is the list of updates that are critical that Microsoft released today.   Each one of these are quite important and should be considered installed when you get a chance.

    [ad#ad2-left]Microsoft Security Bulletin MS08-073 – Critical
    Cumulative Security Update for Internet Explorer (KB958215)

    This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Security Bulletin MS08-071 – Critical
    Vulnerabilities in GDI Could Allow Remote Code Execution (KB956802)

    This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    [ad#ad2-right]Microsoft Security Bulletin MS08-075 – Critical
    Vulnerabilities in Windows Search Could Allow Remote Code Execution (KB959349)

    This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    KB952069
    (not quite sure what this one is, when I go do a Google search this is what pops up. It was in German but Google translated it for me)

    In the Windows Media Runtime to the default in Windows XP SP3 contains Windows Media Player (WMP) 9 were discovered vulnerabilities that could allow an attacker to compromise your Windows-based system and gain control over it. See Security Bulletin MS08-076 ( englisch bzw. deutsch ) See Security Bulletin MS08-076 (English or German)

    These are just ones that I found and wanted to let you know, the others have been explained on the other article.  So check them all out and I suggest installing them quickly as possible.