
Microsoft Patch Tuesday for January 2009

Created: 13 Jan 2009 19:31:45 GMT • Updated: 23 Jan 2014 18:38:16 GMT
Robert Keith

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a light month—the vendor is releasing only one bulletin covering a total of three vulnerabilities affecting Server Message Block (SMB).

Of those issues, two are “Critical” server-side, remotely exploitable code-execution vulnerabilities. These are rather serious issues that may allow remote attackers to completely compromise a vulnerable computer. Given the nature of these issues, developing viable exploits to execute code may prove difficult, but denial-of-service attacks will likely be trivial. The remaining issue, rated “Moderate”, is a remote denial-of-service vulnerability.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Restrict external access at the network perimeter to specific sites and computers only.
- Run all software with the least privileges required while still maintaining functionality.

Microsoft’s summary of the January releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms09-jan.mspx

1. MS09-001 Vulnerabilities in SMB Could Allow Remote Code Execution (958687)

CVE-2008-4834 (BID 33121) Microsoft Windows SMB Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.2/10)

A remote code-execution vulnerability affects the Microsoft Server Message Block (SMB) protocol when handling specially crafted SMB packets. A remote, unauthenticated attacker can exploit this issue by sending a specially malformed SMB packet to a vulnerable server. A successful attack will result in the execution of attacker-supplied code with SYSTEM-level privileges.

Affects: Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition, Windows Server 2003 x64 Edition SP2, and Windows Server 2003 with SP1 and SP2 for Itanium-based Systems.

CVE-2008-4835 (BID 33122) Microsoft Windows SMB Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.2/10)

A remote code-execution vulnerability affects the Microsoft Server Message Block (SMB) protocol when handling specially crafted SMB packets. A remote, unauthenticated attacker can exploit this issue by sending a specially malformed SMB packet to a vulnerable server. A successful attack will result in the execution of attacker-supplied code with SYSTEM-level privileges.

Affects: Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP1 and SP2 for Itanium-based Systems, Windows Vista, Windows Vista SP1, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, and Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems.

CVE-2008-4114 (BID 31179) Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability (MS Rating: Moderate / Symantec Urgency Rating 7.5/10)

This is a previously public denial-of-service vulnerability affecting the Microsoft Server Message Block (SMB) protocol when handling specially crafted SMB packets. A remote, unauthenticated attacker can exploit this issue to cause the affected computer to stop responding and restart.

Affects: Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP1 and SP2 for Itanium-based Systems, Windows Vista, Windows Vista SP1, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, and Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems.

More information on this and the other vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.