Microsoft Issues One Critical Fix For Patch Tuesday

Specifically, the critical security update -- the only one issued for Microsoft's regularly scheduled "Patch Tuesday" release -- addresses three vulnerabilities in the Microsoft Server Message Block (SMB) protocol, which Windows uses for file and printer sharing and for communication with domain controllers. The flaws affect all supported versions of Windows, including Windows 2000, XP, Vista, Server 2003 and Server 2008.

Microsoft gave the update its highest severity rating, "critical," for the earlier versions of Windows because SMB is enabled and reachable over the network by default on them. For Vista and Server 2008 the rating is "moderate," because the default Windows Firewall configuration on those systems blocks unsolicited inbound SMB connections. That protection is commonly relaxed on corporate networks, however, where file and printer sharing are needed.

A successful exploit would let an unauthenticated attacker execute arbitrary code on any machine that exposes SMB (TCP ports 139 and 445) to the network, and because the flaws lie in the kernel-mode SMB server, that code runs with kernel privileges. From there the attacker could install malicious programs, access sensitive and financial data, or simply crash the system in a DoS attack.

So far, there are no known active attacks exploiting the flaws. Microsoft said that a reliable malware attack is unlikely, because an attacker must control what data is overwritten and correctly guess the memory layout of the targeted machine, which would be challenging for the average hacker.


"Controlling what data is overwritten is difficult. To exploit this type of kernel buffer overrun, an attacker typically needs to be able to predict the layout and contents of memory. The memory layout of the targeted machine will depend on various factors such as the physical characteristics of the system, system load and other SMB requests it is processing," Microsoft researchers said in the company's security blog.

"In order to pull off this attack, the attacker has to know what operating system you're running and how many processors your computer has," said Eric Schultze, CTO of Shavlik Technologies. "Without that information, it's less likely that the attack would be successful." However, Schultze said that the flaw is most serious for corporate networks with many open SMB ports. Users could unknowingly propagate a malicious worm by exposing a laptop to the attack outside the company's firewalls, such as at a coffee shop or an airport, and then connecting the device back to the corporate network.

Attackers could also use the flaw to launch a DoS attack: even if remote attackers guess the target's configuration incorrectly, the malformed SMB traffic can still crash the affected systems, experts say.

"Worms going down causing systems to reboot or crash, that's caused a lot of havoc. That was actually worse than exploiting code on your system," said Schultze. "In any case, it's not good."

As a result, experts recommend that users apply the patch immediately to all affected systems, especially SMB file servers and domain controllers, and keep both perimeter and host-based (desktop) firewalls in place so that the SMB ports are not reachable from untrusted networks.
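The firewall advice above, as an added example that is not part of the original article or of Microsoft's guidance: a short check-and-harden sequence an administrator can run in an elevated prompt on a Windows host to see whether SMB is listening, to block unsolicited inbound SMB on non-domain firewall profiles, and to list installed hotfixes for comparison with the bulletin. The rule names are assumptions; the article does not give the bulletin's KB number, so that comparison is left to the reader.

```powershell
# Added example (not from the article). Run in an elevated PowerShell prompt.
# Rule names below are arbitrary; adjust to local naming conventions.

# 1. Is the Server service (the kernel-mode SMB listener) running, and are
#    TCP 445 and 139 listening on this host?
Get-Service LanmanServer | Select-Object Name, Status
netstat -ano | findstr ":445 :139"

# 2. Vista / Server 2008 (Windows Firewall with Advanced Security):
#    block unsolicited inbound SMB on the public and private profiles only,
#    so file and print sharing keeps working on the domain-joined LAN while
#    a laptop at a coffee shop or airport does not expose 139/445.
netsh advfirewall firewall add rule name="Block inbound SMB (TCP 445)" dir=in action=block protocol=TCP localport=445 profile=public,private
netsh advfirewall firewall add rule name="Block inbound SMB (TCP 139)" dir=in action=block protocol=TCP localport=139 profile=public,private
netsh advfirewall firewall show rule name="Block inbound SMB (TCP 445)"

# 3. Windows XP SP2 / Server 2003 SP1 (legacy Windows Firewall):
#    close the File and Printer Sharing exception so 139/445 are not
#    opened to the network; 'profile=ALL' covers both domain and standard.
netsh firewall set service type=FILEANDPRINT mode=DISABLE profile=ALL
netsh firewall show state

# 4. List installed hotfixes; compare against the KB number published in the
#    bulletin (the article does not state it) to confirm the patch is present.
wmic qfe list brief
```

Blocking only the public and private profiles mirrors the point made in the article: the risk is highest when a machine that normally sits behind the corporate firewall is carried onto an untrusted network, so the host firewall should close SMB there while leaving the domain profile as the corporate policy dictates. Step 1 is worth rerunning after step 2 or 3, since the ports will still show as listening; the change is that the firewall now drops the inbound connection attempts.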