KB905866

Preview of Patch Tuesday Attractions

Tomorrow, February 11, is the second Tuesday in February–hence, “Patch Tuesday” is once again at hand. Microsoft publishes advance notification for security bulletins each month on the preceding Thursday, so I can tell you what to expect in tomorrow’s updates. There are four items that should be included (though last-minute additions and deletions have been known to occur):

• Critical: Internet Explorer 7 versions remote code execution fix. XP, Vista, Windows Server 2003 and 2008, 32- and 64-bit versions.
• Critical: Exchange Server versions remote code execution fix. Exchange 2000 Server SP3 with 8/04 update rollup, Exchange Server 2003 SP2, Exchange Server 2007 SP1 (32- and 64-bit versions).
• Important: SQL Server remote code execution. Too many versions to enumerate here (check the advance notification link in the first paragraph for details).
• Important: Visio remote code execution. MS Office Visio 2002 SP2, MS Office Visio 2003 SP3, MS Office Visio 2007 SP1.

As usual, there will also be an updated version of the Microsoft Malicious Software Removal tool (KB890830) and the Windows Junk E-mail Filter (KB905866) for February, 2009, included as well. There will also be cumulative updates for Media Center for Windows Vista (KB950644) and Media Center TVPack for Windows Vista (KB958653), plus an update rollup for ActiveX Killbits for Windows (KB960715). These are described in more detail in KB894199 and also in the other KB articles cited for each item.

Given that all the major updates relate to remote code execution and the system compromises such vulnerabilities can produce, it’s probably time to start testing and/or deploying these patches to your clients and servers on an ASAP basis.

Patch Tuesday Brings SMB Relief

Microsoft kicked off 2009 with a very interesting critical security update on the first “Patch Tuesday” of this year: MS09-001 Vulnerabilities in SMB Could Allow Remote Code Execution addresses issues with the Server Message Block Protocol that go all the way back to Windows 2000 (and would go further except that’s where the Microsoft  “update horizon” kicks in). This update address three vulnerabilities in all:

1. SMB Buffer Overflow Remote Code Execution Vulnerability (CVE-2008-4834)
2. SMB Validation Remote Code Execution Vulnerability (CVE-2008-4835)
3. SMB Validation Denial of Service Vulnerability (CVE-2008-4114)

Of those three, the first is the scariest because it allows forged SMB packets to compromise a machine at the System level on any Windows PC running the Server service (except for Vista and Server 2008). That said, this is a “theoretically possible” exploit, rather than a known or demonstrated one. Number 2 is similar to number 1 except that it could affect Vista and Server 2008, but not in their default configurations. It’s more likely, in fact, that 1 and 2 will produce the same effects as number 3, and result in a denial of service for SMB hosts (again except for default Vista and Server 2008 configurations) than actually resulting in remote code execution. But whether you’re ducking a system takeover or just a DoS, this patch is definitely worth applying to your Vista systems anyway.

Other items from this Patch Tuesday include:

• Updates for the various MS email (Outlook and MS Mail on most Vista machines) Junk Email Filters (KB959141 and KB905866)
• Malicious Software Removal Tool for January, ‘09 (KB890830)

These are entirely routine, and while worth grabbing, don’t really cry out for much attention or coverage. I also found a Realtek RTL8168B/8111B GbE Interface update in my queue, for several of my Vista machines including both notebooks and desktops, so I suspect others will see and welcome this driver update as well (installed without a glitch on all affected machines).