Microsoft Starts The Year With Modest Fix List

Microsoft released a single bulletin Tuesday for this month’s Patch Tuesday covering three issues in its Server Message Block (SMB) Protocol. It’s quite a change after the intense crush last month, with more than 20 fixes, and the emergency patch to fix a major Internet Explorer fault.

The single bulletin has three fixes, two of which are critical, the most important of releases, and one rated important. Both of those issues, if successfully exploited, could allow for remote code execution.

The two critical flaws are buffer overflow and validation vulnerabilities in how the SMB protocol software handles specially crafted SMB packets. In both cases, the software insufficiently validates the buffer size before writing to it. Thus far, Microsoft says there have not been any attempted exploits.

The third bug is another SMB validation vulnerability that can be used to create a denial-of-service condition. It too is due to the SMB Protocol software insufficiently validating the buffer size before writing to it. Like the other two, Microsoft said it has yet to be exploited by hackers.

A critical patch

Still, security experts say not to delay. “MS09-001 is a super critical patch to install right away. This vulnerability is similar to what prompted the blaster and sasser worms a few years ago. We expect to see a worm released for this in the very near future,” said Eric Schultze, CTO of security firm Shavlik.

This article was first published on To read the full article, click here.

Andy Patrizio
Andy Patrizio
Andy Patrizio is a freelance journalist based in southern California who has covered the computer industry for 20 years and has built every x86 PC he’s ever owned, laptops not included.

Top Products

Related articles