MS09-001 - It's A Big(-ish) Deal This Time

19 January 2009
Covering the vulnerability beat again this week, only from a more mundane angle: this one's a biggie, folks and folkettes, and you'd be well-advised to let Windows auto-update do its thing (or at least test and patch at your earliest convenience; but then, if that kind of thing is part of a regular breakfast for you, what are you doing here?). MS09-001 resolves three vulnerabilities in the SMB protocol implementation: two of them lead straight to unauthenticated remote code execution (read: total ownership of affected systems on a first-come-first-served basis), and the third to a mere denial-of-service condition.

Before you start thinking that these are all bad things that may happen in your future and hence ignorable, take a moment to appreciate the facts.

All versions of Windows up to and including 7 are vulnerable in their unpatched state. Firewalled systems may be spared, yet corporate PCs are rarely firewalled from one another, which would give a potential worm plenty of room to spread. And, in fact, there is a rumour around the block that there may already be exploit code in the wild for one or more of these vulnerabilities.

Patch now. Nobody would benefit from two Downadup-sized epidemics in one month - except virus writers.





Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. When BitDefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking.
