January Patch Tuesday
Microsoft has announced a patch for a critical vulnerability affecting several versions of Windows for both servers and workstations. The vulnerability could allow a remote attacker to access a system with full privileges. The affected versions of Windows are:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Service Pack 3
- Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and Service Pack 2
- Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 or SP2 for Itanium-based Systems
- Windows Vista and Windows Vista Service Pack 1
- Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for Itanium-based Systems
Specifically, the Windows component affected by this vulnerability is the Server Message Block (SMB) component of File and Printer Sharing. Because this traffic is typically blocked by a network firewall, the risk of this vulnerability being used to directly attack an institution is reduced.
Although Microsoft does not believe that an exploit for this vulnerability currently exists, Gladiator recommends that all institutions consider applying this patch as soon as possible in accordance with their standard patch cycles. As always, testing any new software before introducing it to a production environment is highly recommended.
Related Links:
- Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/MS09-001.mspx)
- Secunia Advisory (http://secunia.com/advisories/31883/)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=5677)