Microsoft released one critical and one important patch for its November Patch Tuesday.
The critical bulletin, MS08-069, patches vulnerabilities in Microsoft XML Core Services. Microsoft claimed that the most severe vulnerability could allow remote code execution if a user viewed a specially crafted web page using Internet Explorer.
Meanwhile, the important patch, MS08-068, resolves a publicly disclosed vulnerability in the Microsoft Server Message Block (SMB) Protocol. This vulnerability could allow remote code execution on affected systems: an attacker who successfully exploited it could install programs; view, change, or delete data; or create new accounts with full user rights.
Andrew Clarke, senior vice president, international at Lumension Security, claimed that IT administrators could breathe a little easier from the patch. He said: “Organisations must still be vigilant in patching. As the critical patch MS08-069 addresses a vulnerability in Windows XML Core Services, a pervasive technology used throughout businesses to format and manipulate data, organisations should ensure they address this vulnerability immediately. If not addressed straight away, hackers could compromise the integrity of a company's sensitive information.
“While MS08-068 might be ranked as important in terms of severity, organisations should also pay close attention to it, as it could allow hackers to take remote control of users' PCs. Furthermore, Microsoft's Exploitability Index is warning that exploit code is likely to be developed for this vulnerability. It has received the most severe Exploitability Index Assessment, which warns users that exploit code could be created in such a way that an attacker could consistently exploit that vulnerability.
“This will be the second month that Microsoft is using its Exploitability Index, a new Microsoft initiative aimed at predicting whether exploit code will be released and the potential severity of that exploit code. It will be interesting to see how the predictions match up with the reality.”
Meanwhile, Eric Schultze, CTO at Shavlik, claimed that the vulnerability was revealed more than seven years ago by Sir Dystic, who wrote a utility called SMBRelay to demonstrate the flaw.
He said: “This means that Microsoft has known of this problem since 2001 and was not able to (or chose not to) fix it until now. This also means that working exploit code has been available for all Operating Systems including Windows NT 4, Windows 2000, XP, Windows Server 2003, Vista and WS08 (though as Microsoft correctly states, exploitation is severely mitigated on Vista and WS08).
“Well, it looks like they've finally seen the light and have addressed this issue via the MS08-068 patch. It is important to get this one patched right away because exploit tools are readily available.”