On its monthly Patch Tuesday, Microsoft released five critical security bulletins addressing a total of eight vulnerabilities in its core operating system platforms.
Dave Marcus, director of security research and communications for McAfee Avert Labs, said: “These vulnerabilities are the most likely to be exploited by malicious code and are two of the best worm candidates that we've seen since Conficker. That said all of today's security bulletins address vulnerabilities that could allow an attacker to take complete control of a vulnerable PC.”
Andrew Clarke, senior VP at Lumension, believed that the most urgent issues for IT managers to address are three unpatched Microsoft zero-day vulnerabilities that are currently in the wild.
Clarke said: “Two of these are Microsoft FTP issues, one which can allow a remote attacker to take over the server in older versions of Windows and the second that can cause a denial-of-service (DoS) attack. At the last minute, a new day zero vulnerability was released that can cause Vista, Windows 7 and possibly Windows 2008 machines to crash as it takes advantage of a flaw in SMB2, requiring no user intervention or authentication.”
Likewise Wolfgang Kandek, CTO of Qualys, said: “Microsoft did not address the IIS FTP zero-day vulnerability that was made public last week. In addition, yesterday a security researcher disclosed a vulnerability in the file sharing protocol (SMB2) of Vista, 2008 and potentially Windows 7.”
He claimed that Qualys expects Microsoft to monitor the extent of exploitation of these two new vulnerabilities and continue to provide guidance for workarounds.
Looking at the patches, Clarke said that of the five Microsoft critical patches, two (MS09-048 and MS09-049) will require mandatory restarts, causing some level of disruption within the enterprise.
“Microsoft Vista leads the batch of patches, with four critical vulnerabilities (MS09-045, MS09-049, MS09-047 and MS09-048). This brings up an interesting situation as Windows 7 and Windows 2008 R2 were released to manufacturing (RTM) early last month, which means many Microsoft partners and corporate customers will have started using/evaluating these two new platforms. These ‘early adopters’ are covered this month as Microsoft has identified these new platforms as ‘non-affected’ for all five September updates,” said Clarke.
Jason Miller, security and data team manager at Shavlik Technologies, claimed that the most important bulletin to install first is MS09-048, as this bulletin resolves three vulnerabilities in the networking component TCP/IP.
Miller said: “In two of the vulnerabilities, attacks could cause a DoS on target machines by sending specially crafted network packets that will cause the system to freeze or automatically restart.
“The other vulnerability addressed could allow attackers to take control of a target Windows Vista or Windows 2008 system by also sending specially crafted packets. Administrators should patch their servers as soon as possible for this vulnerability as it could lead to network-wide outages.”
Kandek recommended that customers focus on MS09-045 and MS09-047 due to the high likelihood of exploits.
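For administrators following the advice above (install MS09-048 first, expect restarts for MS09-048 and MS09-049, and apply a workaround for the unpatched SMB2 flaw), the following script is an added example, not code from the article or from any of the vendors quoted in it. It runs on the local host and reports which of the five September bulletins are missing, whether a reboot is still pending (a staged fix is not effective until then), and whether the SMBv2 service has been disabled. The bulletin-to-KB mapping and the SMBv2 registry value are taken from Microsoft's bulletins and advisory of the time, not from this article; confirm them against the bulletin text before relying on the output.

```powershell
# Added example: post-Patch-Tuesday compliance check for the September 2009
# bulletins. Assumptions (not stated in the article): the bulletin-to-KB
# mapping below, and the registry locations used for the reboot and SMBv2 checks.
$bulletins = @{
    'MS09-045' = 'KB971961'   # JScript scripting engine
    'MS09-046' = 'KB956844'   # DHTML Editing Component ActiveX control
    'MS09-047' = 'KB973812'   # Windows Media Format
    'MS09-048' = 'KB967723'   # TCP/IP - install first, per Shavlik's advice
    'MS09-049' = 'KB975025'   # Wireless LAN AutoConfig Service
}

# Hotfixes the OS reports as installed (Win32_QuickFixEngineering works on
# PowerShell 1.0/2.0 era hosts; Get-HotFix wraps the same class).
$installed = Get-WmiObject -Class Win32_QuickFixEngineering |
    ForEach-Object { $_.HotFixID }

foreach ($entry in $bulletins.GetEnumerator() | Sort-Object Name) {
    $state = if ($installed -contains $entry.Value) { 'installed' } else { 'MISSING' }
    Write-Output ('{0} ({1}): {2}' -f $entry.Name, $entry.Value, $state)
}

# MS09-048 and MS09-049 need a restart. Either marker below means an update
# has been staged but the running kernel/drivers are still the old ones.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
$rebootPending = $false
foreach ($k in $rebootKeys) { if (Test-Path $k) { $rebootPending = $true } }
Write-Output ('Reboot pending: {0}' -f $rebootPending)

# The SMB2 zero-day had no patch at the time of writing. Microsoft's published
# workaround was to disable SMBv2 on the server side by setting this value to 0.
# The value is absent by default, which means SMBv2 is enabled on Vista/2008/7;
# XP and 2003 have no SMBv2 implementation, so an absent value is harmless there.
$smbParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$smb2 = (Get-ItemProperty -Path $smbParams -Name Smb2 -ErrorAction SilentlyContinue).Smb2
if ($smb2 -eq $null) {
    Write-Output 'SMBv2: value not set (default: enabled on Vista/2008/7, absent on XP/2003)'
} elseif ($smb2 -eq 0) {
    Write-Output 'SMBv2: disabled (workaround in place; reboot or restart LanmanServer to apply)'
} else {
    Write-Output 'SMBv2: explicitly enabled - host exposed until a fix ships'
}
```

Run it in an elevated PowerShell session on each Vista or Windows Server 2008 host, starting with servers (MS09-048's TCP/IP flaw is the one Shavlik flagged as able to cause network-wide outages). Note that disabling SMBv2 falls back to SMBv1 for file sharing, with the performance cost that implies, so re-enable it once a fix is installed.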