Free Republic
News/Activism

Microsoft Fesses Up To 19 Vulnerabilities, MSBlast-Level Worm Likely
TechWeb | February 08, 2005 | Gregg Keizer

Posted on 02/08/2005 2:32:00 PM PST by Eagle9

Microsoft Tuesday released its largest group of security patches in nearly a year as it posted 12 security bulletins encompassing 19 vulnerabilities, 14 of which it marked "Critical," its highest patch-now warning.

Among them is a vulnerability that will likely lead to the biggest, baddest worm since mid-2003, said Mike Murray, the director of research at vulnerability management vendor nCircle.

"There's a clear 'winner' here," said Murray. "MS05-011 fixes a vulnerability in SMB [Server Message Block], which is running on every version of Microsoft's operating systems that a corporation might be using. And it's exploitable remotely, so it doesn't rely on an e-mail or getting someone to a Web site. All the attacker has to do is send a properly-formatted packet and he'll break in.

"It's been a while since we've seen a vulnerability this widespread. This could easily lead to the biggest exploit in over a year," said Murray. "I'd put this in the same class as the vulnerability that led to [2003's] MSBlast. It's serious."

SMB is the standard protocol that Windows uses to share files, printers, and serial ports, and to communicate between computers, particularly between servers and client desktops. A specially-crafted SMB packet sent to a vulnerable PC could, said Microsoft, let an attacker "take complete control of the affected system."

The extent of February's regularly-scheduled was expected, but still difficult to digest at first glance.

Nine of the bulletins impacted various versions of Windows to one extent or another, one each dealt with .Net Framework, SharePoint Services, Windows Media Player/MSN Messenger, and the perennial visitor to the patch process, Internet Explorer. Two revolved around Microsoft Office. (Some of those affecting Windows also affected other components, such as Office or SharePoint, the reason for the count difference.) More than half the bulletins tapped Windows XP Service Pack 2 (SP2) as vulnerable. SP2, Microsoft's massive security update that debuted in October, 2004, was then touted by the Redmond, Wash.-based developer as its biggest security-centric upgrade ever.

The eight bulletins and 14 vulnerabilities marked Critical could all be used by attackers to execute code remotely -- usually only after the user did something, such as visit a malicious Web site or click on a link within an e-mail -- or create a buffer overflow that could then be used to gain control of a machine.

Some of the fixes were more or less expected, said Murray, who noted that they corrected known, if not actually exploited, bugs. MS05-009 fit that bill, for it patched three vulnerabilities in Windows Media Player 9 and various versions of Microsoft's instant messenger against image-based exploits using PNG-formatted files. Another vulnerability in Media Player 10 and its implementation of digital rights management technologies, however, was not fixed in this month's round of patches.

MS05-012, on the other hand, affected an astonishing array -- 33 by our count -- of Microsoft's operating systems and applications, ranging from Windows XP SP2 to Office XP and Office 2003, and every supported version of Exchange Server since 5.0. This bulletin corrected a problem in processing COM structured storage files, and how they handled OLE (Object Linking and Embedding) input.

Internet Explorer hardly ever goes untouched in a monthly roll-out of patches, and February was no exception. MS05-014 fixed four IE flaws, including a drag-and-drop bug that hackers and phishers have already exploited to plant malicious code and spyware on users' PCs.

But Murray kept coming back to the SMB vulnerability as the big daddy of February.

"Every machine that has ports 139 and 445 open is at risk, and those ports are open on every standard Windows box," he said. "Every Windows box is vulnerable."

Although nCircle had only begun its analysis by mid-afternoon Tuesday ET and had not yet determined how easy or difficult it would be to write an exploit for this, Murray noted that SMB is one of the best documented protocols. "SMB is pretty well known by everybody," he said.

His advice? Patch fast.

"I think someone will break [this vulnerability] in the next couple of days, and we'll see a wormable exploit within a week."

Tuesday's patches can be obtained through the usual channels: the Windows Update and Office Update services, or direct download from the Microsoft Web site.


TOPICS: News/Current Events; Technical
KEYWORDS: exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; microsoft; patch; securityflaw; trojan; virus; virusbait; windows; worm

1 posted on 02/08/2005 2:32:00 PM PST by Eagle9

To: Eagle9

OK.. so I am beginning to wonder if Microsoft and people like Symantec (Norton) and McAfee have a partnership going. As long as the "main-stream" browser is susceptible to intrusion, then the anti-virus people are "in business". Have you noticed how expensive Norton has gotten! They have us captive, and don't want to ruin a good thing, I suspect.


2 posted on 02/08/2005 2:51:56 PM PST by Apple Pan Dowdy (... as American as Apple Pie)

To: Apple Pan Dowdy

It's starting to look that way -- right?


3 posted on 02/08/2005 2:54:47 PM PST by Kramster ("Quit pickin' your nose!--Do you know where that finger's been?")

To: Apple Pan Dowdy

Norton is $19 a year for the updates...


4 posted on 02/08/2005 2:54:51 PM PST by BurbankKarl

To: BurbankKarl

There are often deals out there to get the latest Norton AntiVirus for free after rebate (though it's only licensed for one machine now for the standard version). I've had good success with Norton AV, but I also use AVG AntiVirus on my laptop and it's free.


5 posted on 02/08/2005 2:59:25 PM PST by Tacos

To: Tacos

To clarify, that is AVG on my laptop PC and Norton on my desktop PC...


6 posted on 02/08/2005 3:00:22 PM PST by Tacos

To: Tacos

when your definitions expire, you just go to the site and hit upgrade.....much cheaper than buying it in the store....

and don't get the Internet Security package...stick with NAV....

of course, I think CompUSA and other PC vendors make more money when people drop their subscriptions.....I always have a supply of personal laptops of employees, friends, arriving in my office to "fix"....


7 posted on 02/08/2005 3:03:21 PM PST by BurbankKarl

To: Eagle9

Guys who know, would the big bad problem they were talking about be blocked by a firewall?


8 posted on 02/08/2005 3:04:18 PM PST by Richard Kimball (It was a joke. You know, humor. Like the funny kind. Only different.)

To: Apple Pan Dowdy
They have us captive

er, what's this "us" business?

(hint: there are *other* OS than the obsolete, virus/spam/trojan infected, EULA protected, poorly designed and implemented overpriced crap from Redmond)

9 posted on 02/08/2005 3:05:48 PM PST by chilepepper (The map is not the territory -- Alfred Korzybski)

To: Richard Kimball

Depends on the firewall and how it's configured.


10 posted on 02/08/2005 3:16:33 PM PST by Disambiguator

To: Eagle9

Here's an interesting site with port scan stats: http://isc.sans.org/top10.php


11 posted on 02/08/2005 3:21:38 PM PST by Disambiguator

To: BurbankKarl

The online upgrade beats buying it in the store, but sometimes you can find a newer version of NAV for free after rebate (Fry's Electronics or similar) usually when the next year's version is coming out soon.

I like AVG a lot too and besides it being free, it is a bit easier on the resources, which is why it's on my laptop PC (which is a bit on the old side). Norton did start making the standard version only licensed for one computer (uses product activation similar to Windows XP) though, so I didn't feel like paying twice just so that it could go on my laptop PC. But I do like NAV.

Yeah, I never cared for any of their suite programs either (incl. SystemWorks).


12 posted on 02/08/2005 3:23:25 PM PST by Tacos

To: Eagle9

bump


13 posted on 02/08/2005 6:33:15 PM PST by RippleFire ("It was just a scratch")

To: Eagle9

Still using Opera v6.02, and ATGuard here. No worries about malware at all...


14 posted on 02/08/2005 6:44:06 PM PST by Utilizer

To: KwasiOwusu

Since you enjoy bad-mouthing Linux so much, stick this in your pipe and smoke it!!!!


15 posted on 02/08/2005 6:55:59 PM PST by amigatec (There are no significant bugs in our software... Maybe you're not using it properly.- Bill Gates)

To: chilepepper
"er, what's this "us" business?(hint: there are *other* OS than the obsolete, virus/spam/trojan infected, EULA protected, poorly designed and implemented overpriced crap from Redmond)"

Somehow I just knew that I would eventually get the ole "why are you still using Microsoft when there are other OS out there, stupid?"

I use Firefox for my recreational and personal browsing, however those of us who work in the tech industry are forced to endure IE. I develop web solutions for companies. I have to test these sites in all of the browsers out there. I don't have the luxury of living in a Linux bubble, although it's tempting.

16 posted on 02/09/2005 2:44:09 AM PST by Apple Pan Dowdy (... as American as Apple Pie)

To: Apple Pan Dowdy
It is possible to use IE and Linux at the same time on the same computer.
17 posted on 02/09/2005 5:30:43 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Eagle9
"Every machine that has ports 139 and 445 open is at risk, and those ports are open on every standard Windows box," he said. "Every Windows box is vulnerable."

That's simply a lie. I'm posting from a vanilla XP install, not even a virus scanner, and all the vulnerable ports are stealthed, as determined by the Symantec security check. All the security settings are defaults.

18 posted on 02/09/2005 5:38:42 AM PST by js1138

To: js1138
...and all the vulnerable ports are stealthed, as determined by the Symantec security check.

Are you at work? On a home network? On a network of any kind? Any of those could mean that the port scans performed by Symantec were only looking at the machine facing the Internet, and not yours.

19 posted on 02/09/2005 10:29:29 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

I was using a static IP (68.16.154.108). Try to probe it. There's nothing protecting it except the default XP firewall.


20 posted on 02/09/2005 11:28:13 AM PST by js1138

