For its latest regular Patch Tuesday booster shot, Microsoft snuffed out
vulnerabilities surrounding its Server Message Block Protocol. The
vulnerabilities allowed hackers to bust into unpatched computers and do what
they please -- create accounts, install software under the radar, etc.
By Walaika Haskins, January 14, 2009
TechNewsWorld
Microsoft (Nasdaq: MSFT) issued a critical software
update Tuesday, plugging three vulnerabilities in all versions of its
Windows operating system. The three flaws, two of which were reported
privately and the third of which was publicly disclosed, deal with a hole in
the Microsoft Server Message Block (SMB) Protocol.
The vulnerabilities could enable an attacker who successfully exploits them
to install programs; view, change or delete data; or create new accounts
with full user rights. The security update addresses the flaws by validating
the fields inside the SMB packets, according to Microsoft.
The software maker rated two of the security holes -- CVE-2008-4834 and
CVE-2008-4835 -- as critical in Windows 2000, Windows XP and Windows Server
2003. The third flaw -- CVE-2008-4114, which also affects those OSes -- was
given a moderate rating. The same vulnerabilities in Windows Vista and
Windows Server 2008 were given a moderate rating by Microsoft.
The flaws are serious, insofar as exploits could lead to remote code
execution and thereby to hackers controlling an affected computer, said
Richard Wang, U.S. SophosLabs manager.
"However, we have not yet seen any malicious software taking advantage of
this vulnerability," he told TechNewsWorld.
Critical Situation
The first two flaws concern unauthenticated remote code execution
vulnerabilities, which exist in the way that Microsoft SMB Protocol handles
specially crafted SMB packets. Efforts by hackers to exploit the flaws would
not require authentication, thereby allowing attackers to exploit the
vulnerabilities by sending a specially crafted network message to a computer
running the Server service. Most attempts to exploit the security hole would
result in a system denial of service condition; however, remote code
execution is possible, at least theoretically, Microsoft said.
"CVE-2008-4834 and CVE-2008-4835 both allow remote code execution, meaning
that a computer that is connected to the Internet is at risk. A remote
attacker can install and execute programs, compromise the confidentiality,
integrity or availability of sensitive data, and create administrator
accounts," Chris Rodriguez, an analyst at Frost & Sullivan, told
TechNewsWorld.
The remaining problem rests with a denial of service vulnerability that
exists in the way that Microsoft SMB Protocol software handles specially
crafted SMB packets. As with the other two flaws, an attempt to exploit the
vulnerability would not require authentication, allowing an attacker to
exploit the vulnerability by sending a specially crafted network message to
a computer running the service. Unlike the other vulnerabilities addressed
in the patch, if an attacker successfully exploits the flaw, it could cause
the user's computer to stop responding and restart.
Get the Shot
Microsoft recommends that Windows users install the security update
immediately.
If a system is left unpatched, "it is possible hackers will be able to
exploit this vulnerability to break into networks and install their own
programs," Wang noted.
While no exploits have been detected that take advantage of these
vulnerabilities, according to Rodriguez, businesses should be on guard.
"Organizations must vigilantly watch firewall configurations and close
unnecessary ports on their computers," he pointed out.