Microsoft Patch Tuesday Fixes Vulnerabilities in SMB Protocol

Microsoft’s inaugural Patch Tuesday of 2009 fixes three vulnerabilities in the Microsoft Server Message Block Protocol software.

Though the lone security bulletin itself is rated critical, only two of the three vulnerabilities have a critical vulnerability rating on their own. Both of those issues, if successfully exploited, could allow a hacker to remotely execute code.

The two most serious flaws are labeled by Microsoft as SMB buffer overflow and validation vulnerabilities and are due to the way the SMB protocol software handles specially crafted SMB packets. In both cases, the software insufficiently validates the buffer size before writing to it.

According to Microsoft, an attempt to exploit either vulnerability would not require authentication, however, neither of the flaws has been subjected to attacks thus far.

The third bug is another SMB validation vulnerability that can be used to create a denial-of-service condition. It too is due to the SMB Protocol software insufficiently validating the buffer size before writing to it. Like the others, it has yet to be exploited by hackers, according to Microsoft’s advisory.

As a workaround, users can block TCP ports 139 and 445 at the firewall. However, this can affect a number of applications and services, including file and print sharing and the fax service.

“Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter,” according to the advisory. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista, and Windows Server 2008.”