Microsoft released a single bulletin for this month's Patch Tuesday. The bulletin addresses three issues affecting Microsoft's Server Message Block Protocol.
Microsoft's inaugural Patch Tuesday of 2009
fixes three vulnerabilities in the Microsoft Server Message Block Protocol software.
Though the lone security bulletin itself is rated critical, only two
of the three vulnerabilities have a critical vulnerability rating on
their own. Both of those issues, if successfully exploited, could allow
a hacker to remotely execute code.
The two most serious flaws are labeled by Microsoft as SMB buffer
overflow and validation vulnerabilities and are due to the way the
SMB protocol software handles specially crafted SMB packets. In both
cases, the software insufficiently validates the buffer size before
writing to it.
According to Microsoft, an attempt to exploit either vulnerability
would not require authentication, however, neither of the flaws has
been subjected to attacks thus far.
The third bug is another SMB validation vulnerability that can be
used to create a denial-of-service condition. It too is due to the SMB
Protocol software insufficiently validating the buffer size before
writing to it. Like the others, it has yet to be exploited by hackers,
according to Microsoft's advisory.
As a workaround, users can block TCP ports 139 and 445 at the
firewall. However, this can affect a number of applications and
services, including file and print sharing and the fax service.
"Firewall best practices and standard default firewall
configurations can help protect networks from attacks that originate
outside the enterprise perimeter," according to the advisory. This
security update is rated Critical for all supported editions of
Microsoft Windows 2000, Windows XP, and Windows Server 2003, and
Moderate for all supported editions of Windows Vista, and Windows