Three vulnerabilities in SMB networking were patched in a single update today my Microsoft: MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution.

Two of the three vulnerabilities are rated critical for Windows 2000, Windows XP and Windows Server 2003; the third is rated Moderate for those platforms. Two are rated Moderate for Windows Vista and Windows Server 2008, and the third does not affect those platforms at all.

The first vulnerability, SMB Buffer Overflow Remote Code Execution Vulnerability (CVE-2008-4834), is a frightening one: an unauthenticated networking bug. This is the one that doesn't affect Windows Vista or Server 2008, but on 2000, XP or Server 2003 an unauthenticated user could invoke a remote code execution over the network. Microsoft says that most attempts to invoke this bug will result in a denial of service, but that remote code execution is theoretically possible. This being SMB, a firewall could very well block it, depending on the configuration. So it's not likely that users would get attacked directly over the Internet, but if one system inside a network is compromised through some other exploit, it could then attack other vulnerable systems from inside the network.

The second vulnerability, SMB Validation Remote Code Execution Vulnerability (CVE-2008-4835), is very similar to the last one: an unauthenticated network vulnerability that can theoretically allow remote code execution, but more likely denial of service. This vulnerability also affects Windows Vista and Windows Server 2008, although not in the default configuration, thus they are rated "Moderate." (full Story)

This entry was posted on Jan 27, 2009 at 12:35 AM and is filed under , , , , . You can follow any responses to this entry through the comments feed .


Post a Comment - Blog Search