Microsoft kicked off the New Year with two high-priority security bulletins -- one critical, one important -- on the first Patch Tuesday of 2008.
The patches, released today, address critical and important vulnerabilities affecting all supported editions of Windows, which include XP and Vista.
A security advisory on Microsoft's security blog stated that the first patch, MSA-001, was deemed critical for Windows XP and Windows Vista and was also considered an important security update for Windows Server 2003.
The critical update fixes two vulnerabilities in the Transmission Control Protocol/Internet Protocol processing feature. One of the errors is contained in the IGMP function, a multicasting feature which allows multiple recipients to share one data stream in a video application.
The vulnerability allows a remote attacker to potentially compromise an affected system, without requiring any user interaction. However, security experts say that while the vulnerability has a critical ranking, the error, and subsequent update, likely won't affect a broad range of businesses.
"In a business environment, it would normally not be mission critical," said Ben Greenbaum, senior research manager for Symantec (NSDQ:SYMC) Security Response. "If that function is not needed, it can be blocked at the perimeter or disabled entirely."
Also addressed by the same update, but less critical, is an error in the ICMP, or message handling software, which is disabled by default in all affected operating systems, security experts say.
Security researchers maintain that while serious, the ICMP vulnerability is less critical than the first one if an attacker were to actively exploit it. "The worst they could do is crash the machine," said Greenbaum.
MSA-002, the second security bulletin classified by the Microsoft security team as important, repairs a flaw in Windows Local Security Authority Subsystem Service.
"You can't turn this (system) off," said Greenbaum. "Until you patch it, it's always vulnerable."
However, one VAR says that the security error rated important didn't pose a big threat.
"The security exploit requires local access to the server," said John Joyner, senior architect for ClearPointe Technology, based in Little Rock, Ark., and specializing in managed service networks. "It can't be exploited remotely."
If exploited, the vulnerability could allow an attacker to run arbitrary code and take control of an affected system to install malicious programs, view, change, or delete data, or create a new account with full user privileges.
"As far as we know, none of these have been successfully exploited outside of a testing environment," said Laura Yecies, vice president at Check Point, via e-mail. "However, as always, the first few days after these vulnerabilities are announced are active for hackers as they look for the easiest methods of attack and evaluate the potential for success."
While the vulnerabilities are considered serious, Joyner says that neither of the Microsoft patches will significantly affect his business.
"There's nothing that was released that is extremely critical" said Joyner. "The security vulnerabilities are both difficult to exploit."
Despite varying levels of seriousness, experts recommend that users apply both security updates as soon as possible.
"We can expect that ICMP can be blocked by most if not all Web servers," said Yecies. "Likewise, most Web servers can block multicast. So an organized administrator may already be prepared, although we still highly recommend installing any Microsoft security patches."
The patches, released today, address critical and important vulnerabilities affecting all supported editions of Windows, which include XP and Vista.
A security advisory on Microsoft's security blog stated that the first patch, MSA-001, was deemed critical for Windows XP and Windows Vista and was also considered an important security update for Windows Server 2003.
The critical update fixes two vulnerabilities in the Transmission Control Protocol/Internet Protocol processing feature. One of the errors is contained in the IGMP function, a multicasting feature which allows multiple recipients to share one data stream in a video application.
The vulnerability allows a remote attacker to potentially compromise an affected system, without requiring any user interaction. However, security experts say that while the vulnerability has a critical ranking, the error, and subsequent update, likely won't affect a broad range of businesses.
"In a business environment, it would normally not be mission critical," said Ben Greenbaum, senior research manager for Symantec (NSDQ:SYMC) Security Response. "If that function is not needed, it can be blocked at the perimeter or disabled entirely."
Also addressed by the same update, but less critical, is an error in the ICMP, or message handling software, which is disabled by default in all affected operating systems, security experts say.
Security researchers maintain that while serious, the ICMP vulnerability is less critical than the first one if an attacker were to actively exploit it. "The worst they could do is crash the machine," said Greenbaum.
MSA-002, the second security bulletin classified by the Microsoft security team as important, repairs a flaw in Windows Local Security Authority Subsystem Service.
"You can't turn this (system) off," said Greenbaum. "Until you patch it, it's always vulnerable."
However, one VAR says that the security error rated important didn't pose a big threat.
"The security exploit requires local access to the server," said John Joyner, senior architect for ClearPointe Technology, based in Little Rock, Ark., and specializing in managed service networks. "It can't be exploited remotely."
If exploited, the vulnerability could allow an attacker to run arbitrary code and take control of an affected system to install malicious programs, view, change, or delete data, or create a new account with full user privileges.
"As far as we know, none of these have been successfully exploited outside of a testing environment," said Laura Yecies, vice president at Check Point, via e-mail. "However, as always, the first few days after these vulnerabilities are announced are active for hackers as they look for the easiest methods of attack and evaluate the potential for success."
While the vulnerabilities are considered serious, Joyner says that neither of the Microsoft patches will significantly affect his business.
"There's nothing that was released that is extremely critical" said Joyner. "The security vulnerabilities are both difficult to exploit."
Despite varying levels of seriousness, experts recommend that users apply both security updates as soon as possible.
"We can expect that ICMP can be blocked by most if not all Web servers," said Yecies. "Likewise, most Web servers can block multicast. So an organized administrator may already be prepared, although we still highly recommend installing any Microsoft security patches."
No comments:
Post a Comment