Microsoft released a single bulletin Tuesday for this month’s Patch Tuesday covering three issues in its Server Message Block (SMB) Protocol. It’s quite a change after the intense crush last month, with more than 20 fixes, and the emergency patch to fix a major Internet Explorer fault.
The single bulletin has three fixes, two of which are critical, the most important of releases, and one rated important. Both of those issues, if successfully exploited, could allow for remote code execution.
The two critical flaws are buffer overflow and validation vulnerabilities in how the SMB protocol software handles specially crafted SMB packets. In both cases, the software insufficiently validates the buffer size before writing to it. Thus far, Microsoft says there have not been any attempted exploits.
The third bug is another SMB validation vulnerability that can be used to create a denial-of-service condition. It too is due to the SMB Protocol software insufficiently validating the buffer size before writing to it. Like the other two, Microsoft said it has yet to be exploited by hackers.
A critical patch
Still, security experts say not to delay. “MS09-001 is a super critical patch to install right away. This vulnerability is similar to what prompted the blaster and sasser worms a few years ago. We expect to see a worm released for this in the very near future,” said Eric Schultze, CTO of security firm Shavlik.