Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft to Plug Windows Security Holes on Patch Tuesday



 By: Brian Prince
2009-10-08
Article Rating:starstarstarstarstar / 1


There are 1 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Microsoft is issuing 13 security bulletins next week, eight of them critical. In the batch are two critical Windows security bulletins - one for the zero-day in the Server Message Block protocol and the other for vulnerabilities in the FTP service in Microsoft Internet Information Services.

Microsoft plans to release 13 security bulletins in a massive patch Tuesday update next week.

Eight of the 13 bulletins are rated "critical," and the remaining five are classified as "important." All totaled, the bulletins cover 34 vulnerabilities affecting Microsoft Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools and SQL Server.

Among the bulletins being issued is one covering a zero-day vulnerability in the Microsoft Server Message Block (SMB) protocol that was disclosed last month. The vulnerability is caused when the SMB implementation does not properly parse SMBv2 negotiation requests, and could allow an attacker to take control of a vulnerable system. The bug impacts Windows Vista and Windows Server 20008, and while the company has yet to report seeing any attacks leveraging it, exploit code is known to be publicly available.

Resource Library:

The company is also releasing a fix for vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) versions 5.0, 5.1, 6.0, and 7.0. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.

For more about Windows 7 and security, please click here. 

The FTP vulnerabilities came under attack last month. While organizations wait for a patch, Microsoft has advised administrators to not allow FTP write access to anonymous users. In addition, the NTFS file system permissions can be modified to disallow directory creation by FTP users. Information about how to do both those things is contained in Microsoft's advisory.

Most of these updates require a restart so please factor that into your deployment planning, blogged Jerry Bryant, of the Microsoft Security Response Center team.  Usually we do not go into this level of detail in the advance notification but we felt that it is important guidance so customers can plan accordingly and deploy these updates as soon as possible.

The patches are scheduled to be released Oct. 13.

 

 





  Reader Comments: Microsoft to Plug Windows Security Holes on Patch Tuesday
>>> Post your comment now!
What IIS has another hole?
People, seriously. If you need security, IIS is the wrong platform.
Posted At: 10-09-09
By: Blair Christensen
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}r㶲s\@♵M푦d[kŶ,xMT(S$IVreoВ8{$%lh|Gλ$i9cr3ݩkj΢.w߽ ![f8iTE[ ]ߤ~Am;t =4mFNHB~}@~sfwD%x_'Щѩ&€wɄZIКؕ>}~qlv .pvLQm_Qk$Ё_Mܦ%xu)t(DHږyH6EGJߣ*C7 ݩx8/DeO؀HYɼM"h4"j>wn3 w2 X]~D4ڮq 8]b'*#O^3jc㥨H aP`\ 9t} ^- Go&lw"QcO$ӡq̢JK^tf>D>8z v v}jJ73ҧ }KH;R@}ky>5I i1E 94cT$ie8DrH n>, шyiVpA'ס,jO`U[۾xwgy@ffrt KJ&ԃ C(p}=\'t(`_dY7;fؖq[th(V*Z]QKru_):+{1ك;}k47?;W)EsvU ! mݹඒk%ms|uO}~N6ox9vtx//0wFD_jQEVKi/LZHWP u.jzQҏ[F-Z%MR?4,fϷ3+i*H,GQD~6/NM㳣NlL,!V4*V]?#;ˠjqszr|qӹ(H)5?&9gMil&XJp?єyf4Ջ"}Yt"Fͩ8 (J"bN3 ɋE94>BzBp4A*&-`^i1[W <ۋJ!PIxZSx&z$tH h&rkI7.[A0? ; O`r]ɝ5E0ݻCi`y1yj =*~3`=w}   l߃5#~[-[Z6x O͙A }C|'s\(L7^ 2)%%E29 EEKi@$ $h-4`r.́lbo(HXVpD*M'8ݱ;P+JDV{TKh+K@f:32YIFMf X*ȉ#o"09X ,gZ Xk%Ƽ fj~iڛ,Â%Gn]ּG36I `آwBrPC;*::=熳~Lh?wܰHz}G  +Zsƾ :ˋj|X#D nN-˘ \ >eB#`9{MYguϳ-jTN`cܒnh{Ͱ&QUN?>{BO-\naDHդW:ϧ/'ܑm˹ȇJoBo*څP_.dI_fMblȜu>I!VB17OD)wz@aeXd|re{Rj=""ǰ@7Z`N)^HIcНj!D)z٧l.?ΖuV"kͲG{_No6ʞy4 mVJ{g@yC lK/,:+c:*K_jiHH*E6@\Z1-c %㐘 0Zm7@=p=FnP jrIj#0W4E%J,Yvn()z?r fSXS=hM>]!S'!K|3ɺ3'Q0JЫVȅBsMqN!WӐPS@ b^4(Nu=(U+/Y@B# ! B4q`*1Z3l%3uZ0.Xz||pݱM% U<))J5E` L` T<t{[ F:07 1H$6/`k .`@B% &@S^apEkZC疪bdFܔwц.[P,'8Aò?DJQc G}ܸ~?CÜU^ٯVRw$ZTtCjvXVk8;z4;fAqĻ( K rF@>,zM85hN?+zCW>nA.̇O>zX '0h'0^˒V`|Ya_a>]HkK2)<:-7\W4Uud XZ 0XA,C{MtAj[, 0Y,tOhp 9^R˶(fԘ̀d0+9!f~ +ˣy ֟4SFCS؇`m/ RۯTʞuN"9KQ3bRD iα{tbG v,Iq r?z^?_3>(/M3DJ1N*,7ؔAԉ~g׆gyϤͬh|5mwf)~9k %jsU-(x5rL{efr#BS>/CW5o ɈB"+>aJ֍3Pӳ) +uPky WJ9zG:yɿ,`YE8&}砩gcɜc~Gδ8X$]3b0ؑoakS20E=4!Ӆr lVڲ zeE]^|tf#<,hnõ] 7fq;" N)9oe(ԺqK(j ,:H$ 3YˡYF 3_Sq:gUU{My Uf̈*+CjMa10t-wQͤس)WeSxTRVvK;rV/w8C+`SRj*ggkr@/?F~n!?ɵVڽv?!IT˲T\~U'7-RV%%fͳ!ݓFp]FmEmP…3S`ɒ8kps)sp:'S 6PFz%PaAV<^ۍu3קA(6eEZǴX݂ā3o?f/4ڎVõ]2IdH$U ~`MٸUJӴ%I? O}1*Q-ˤӧG׆!oy!3." WP)߱~9)xT-kZl[ԪwB!iq]C0 IZP+{) ,%~w9@` |ZUjr22DBZNBq<:N)ItS^`’;T&.nr_B&+#I _UIn0DR*Mpgssb~f.A+oS$/I4\S2:;_ ݘ`/atm4Qԕ|w9ƶjO}u9|\LЫ{z;Atl;:(Cr|8Gz{cq Ou>"u.O: C?\w?^Hև6?tȁJM $(XCNճ2urҹ ]whg~py# @W~Bh]\/~wϻ4!9\txx\C~xupy|U8#Dyu{ly\3amF '%L_=80<f@ tOלX0vx!|ӱB3ZOUc!)|F ʢjk:=wV6B >$YZgÍ7"lSOkԛ2L:1D&rޚSHZB {ABAJ;TXA:傲q?IkvY䶡[&L#pA32%Ibϔ 5m$Mj3fkC@$Ÿ_:PIv(+Hl4dAzWjSӚmf /.\|غm|'cv2O7&]Z =w>=`LذM\g7hZNPD(Vp-h%db>VAk6Ê,x\J|[<,'Mw[1teOZ5i]~&GmЯ> H-Н>y{ho&})'Iu haJwfim6Ş`6 ݣovV:}i?vݷ;޽s¶"CWq:@(Nt,$$EUՊZƶr,WU3$]d~NfVtF0M3}ݾJf94iɜAhl7B_7nC\`l]C1Bo~˸aW*]c{*{7wo]VZtCqB1nVx/)&%ϓEL @OKtGY_BQKwv{쬐kY\xlSOo OO=rmCGX ?*4lo A[)-)$ΙJ;mmoݍn T f_!O#%FJ ,Q`mZ 9_к õQ`VǴ Iq8|#؈f/'Ɏ?7e{cA|3 e\1R_ w^XR|  .w?i{\nEaQ(^ h }"t(u‰KtV:F,㊚ypl2Z+]&? ruW,w?:ÞVcX'YQQ= WzhLF2l36_ljX-i"W'5gٷXt|נ o~up$|KC2p9vS?8 3t_P]R;~"`6jE}n&sҖeYhepi\-%}1 |ꛈN`] B-Lk']6 ;)  0r]+Iٛ4@ς 9pۘuq`ytT v6>M٤lL'|OAj/i!^렳(&&0a.Bb5=fexv:=S^>vc"SPbosގ#;ۊ5-w>Nkbb [F\;r-'-Wx^TjtIt+΄U%!*,qLm& $Zs>fz''>>~. uLng@0tX;L=:(W@ ~7pev %_AF#'Ͱ1fxfY, 猓L SFGMI@&Y+fOo"> .gVBٳP(O Ħ)^?%jC|u*J[Jm8e(H}if$ܘA&x#*[OKlɮ!rFNvXVeG$q&EXJ~-b|A%+J8P3yZY.$BD~Ӕ\s!)Hh> vWM6`Z}>ACo!Iif(VHKOxL+{"8\괥~^W6iV @l5iVB|i>)kf`2<Ӏ RyGSyآ]\Wrͮ`l NE#)"E[Xjm)XҦ\~) f [Qp.êX/# HlnZ|*a~FE#J'`^mBbKx77e)mU2i{Wc(a>zi,Rl|R!o>S/X$P|[)8|0~PxPEU*ԊCBa~U0xۋ"'"BÖConWKJ~70@rGG˸&d7ZQ->5tU\6L1B+{D4CX3Sj浊@ܲ@|/ q-,q5rq':!.^9999kx%^}N'*Rgh$rRZL)^p@8;#bDSq!{$OjgMh_G0b4==gؐ촗&VkscR]jUB._y$oT^@o8?/83ṵi6i>R5S$)W2_[2`9NbWxП/JxS@GH=0d.}vg R_i)rE_+Z}[9Bupo/vja$vhWB_^e͗!>+E[& csJ S ^pp/0>zv>{t 7ZT{E\iQFX3tY|17Er,F1R)])į\Ժ.Œs;,||'>9.I zu{c͗` y/拁ڐN_ndx5FT0;]x>ŁOt'}z(X Fܸ:wi!4444o4uu; Qv S* *\*7{6XØ_fUWA+/7u4Fܨc.{`RW9rmlSSFP!q0E^|o>x؛iͯL:^+a2>9{=wS{"3dlWُ6fG|.;M.;p&xG0𫲐맙  I9Xu֫"obmjy*ݘԞ>pg7*=uDn*P|Ġ %aFH=V/ ɋV*"i>v.s!VjI: 5 k! M 4&m g2/:Y`!V  gJU+z6!ԯ AH$pH8Д͍3"CیksQ|0tW>vn4qAРVy*_=;v H!F6~? c9Mtwt)ۼRr#5}ĺ (= z!g ƗY'd:ZIHgsS8#{gb,NkV9P2eQ.TKopk@dI` =EOaIv|wouv1 ו)8weQOW|ׂ-^_FG>W-IO *`صl{;pO7f}-Gabd= Dw߁\<=G" }f[ũnYq&l Ll4.N-£EVt^^7 œeVP߸9%tr+(u4dz'=y) ̰6$o IZ,h6Ef`iO3ع/0I_7nrmL=G9QwDdR--:_E! <5օ=[~=.v ܓ.O7HauVt_I@hyl?LH~_(R[qod᫩EP~?8!}'9tѰ8L68߉",t{LjZ8'm:4>(CZP"Z’kM}Is9bMdo@`ע!~OSLZ@ O^a)qc) +pWxE ̓L,p}ƽ7K 4?8`/ =J]8l*b6K-'D-5}L1J[쫫9ʥ` RkyK ߕlc1 {[˛cUAN2AGuP/ADR!դFK>GZk>A5Rhs̴5̈Gbv q#vX5.h{u3ѝrYkUX ZSe԰p-c| Y?*ªFi-,QkOu,ζy9+\W3#o='-Fp=htee9_>PP)%(7䳔l;9b>:-o?ԖF]ώ5 ʃ^:(]Y4O.}Xqߋ^Q$ c,|:9B|N/0ۉpd&íT2ý<HHY G^o.9gF.F{ư|oE\|fV棭j-FdG0 ,2;43KDut G KG53?b)m:,}+sYu?x#jϊ5 UL%R}6L~j*f&3Z5B;e# O׈1h?Y1>F' "~$W ,7\CP |+S7Wq+T}V7>2a:$.+JAW d6:,۞2&.hU?fC.7,M}C< l  \ZP4e)F}eOWJ9Qݹ!?1! g@L-ǣaiAX#hBGH[1~cMNsxXҚm!ah\#d$*)ĴF#1CsiĔy9xϼ_t/9#+?,P֋X G3wȧX,}! _% FK%t]\P"@H>S|??­!~R)Qw30^8pf) '.X`,2E<ez?,Gza~2?y :b,Pn 1YG7`C[5EY|obp ?vc!us x\fJԎNJ$%Ѕ8h,-@"!9͉Kk3*c 7úޛXF #~aP8\  +z+uT'I]W@)q!xW`ǪZIWv x7nV?`.4%WPRh 4 V #vFCdQ `:\ݹXh?5iv>;WNϻ7x$ Zѷhlԭs=|ܽ|ڹl_]w.,hbv>4%oI]hF&5+:r<)))-VNyʻ9H'vN1/?CN?|:Yg}yC:9CL2ϽB^Ng(; s3 { E~.`9ȡ ϋD'(S~g9_@EN9e^\%euݜwAtsOK7G\}\5u``9k}G9 ?>Sn&&~oonr/$)GAy+ZWpz~;29)G9R{WKӜ}(ϑgUsVnVa{jg^W K{^WKͮ0TntKT쵆cn-:v^_s\ ȜHǣqiPB913FUs"\5½qo>ebAZ̥-c@#]qN8^śڃ轊rmv3}`ax&@_]?737 .pqk;O΋kwՕq@Af_b 5?'OtVfw 4;) vbi3q*7ýEy2W8 k-'`4k`eZ 7㌰6N3{ CחUC=tfF}yP4lKeB'hZc(fZg8 a箩-gj&\ʠaCao/XbKZ;cp\;l=2 gdy0\9Khw `Mz4z<8J)g,#[L0=|#Nu.LESzq ;;98,_bY\si`XC,['lyjb)m+H6{uHN,6zo#+fUh( 8[]^NHEf*0y.6'_Ťe @ LޙnǍqgmM-̸&DC(a3 Ӯx'޹S'B0~m :o1I55~ɑL( V1 kDF(l#Bx*$]vu$$}9= zL}`VߜRs7QH墲;}M S9eoE52FXk[n犑LԛZd,~Cpea?>V@U}ÌC 1*{ԟ#1PXY/u[8:\5m$$&3@ gQlVxRDN]szlo0) KlClRnDj;cK:#S3Q)jkA/?tI3۱x쥽%}Yq v.}X#U:.~9IT~3)H%Wb9G$]! ""`A0^|eD$u@Ч ߆ϨnC>XZe.,s0ŬBSh<)O?'[nG\k<>aiEPL/c<9z@n0$ ,1-i?GKu!AY?_vs[>/R`p <Щ1T\bգJʶ)E9b릍\ ѨipKTؖE'nd3^m'oymDmY>mЍ5O1ngNbk*χŀ𞭞{̾^f#9uVOR6ȴ{ ePCik5ZK (Dq] XâȖWITR6!;دD?8- ciĬ ;fcXJ ,oԟN*)Asa#El [ApN7WmsS<"YU9smνk x ؚտU$bC=AH~Ð!goh=5gnBO\&DWK54Ƙb>xYL+ 52lv* X>!ˣŬ"&D0Ȯ'R:rsh;h3T*D#L0Ä "5roq#}eיH؍pKg8g!(X^XLT/D4;NB}a`t1GtƙW.rW?bMd|^khYi/.:xH%D}Sw= aFK;O(Uƥ2p?XQ|=^'`֍[^z:uU- Q{}΂`R)XIC"^ֳL~s Wha<[Wy&F{˳̆UZ*$4o)FҢpL\岞+ziKmw9n~뉘HOa6%s\ɜKBS+4WZ/WiS}* Cf'ʱ wm&lult61͝w$+