Patch Tuesday Analysis: The Server Service Attacked

1 patch this month affecting servers and some workstations - any computer running the Server service which provides file sharing and many other Server functions and remote administration capabilities.  The patch addresses 3 vulnerabilities with the Server service with one of them being a publicly disclosed denial of service hole.  If we assume Microsoft discovered the other 2 remote code vulnerabilites while investigating the DOS hole then it may not be long until others discover them and publicly disclose.  Given the ubiquity of the Server service this would be a very attractive worm vector.  Eric Shultz, former security update czar at Microsoft and now CTO at Shavlik agrees - "MS09-001 is a super critical patch to install right away. This vulnerability is similar to what prompted the blaster and sasser worms a few years ago. We expect to see a worm released for this in the very near future."  Therefore I recommend patching as soon as you complete basic testing in your environment; you will need to accelerate/skip testing if a worm is indeed released so stay tuned. 

 

Shavlik has a webinar you may want to attend today and again on February 11 called " Minimize the Impact of Patch Tuesday ". 

 

Please register for my own upcoming webinars.  This is real training for free. 

 

Managing File Permissions on Windows Server: There's More Than Meets the Eye  

Microsoft Audit Collection Services: How Does It Stack Up as a Security Log Solution?

And here's the chart:   

Fast Facts on This Month’s Bulletins – sponsored by Shavlik NetChk Protect

Bulletin	Exploit Types /Technologies Affected	System Types Affected	Exploit details public? / Being exploited?	Comprehensive, practical workaround available?	MS severity rating	Products Affected	Notes	Randy's recommendation	Supported by Shavlik NetChk Protect ?
MS09-001    958687	Remote code /  Server service	Servers and some Workstations	Yes / No	No	Critical	All versions of Windows		Patch ASAP after testing in your environment	Yes
		Shavlik NetChk Protect An award winning solution that simplifies and accelerates the detection and remediation of gaps in your system security, resulting in an enterprise that is ready to improve the speed, accuracy and productivity of its IT security and compliance operations – in physical and virtual environments.   Shavlik has a webinar you may want to attend today or on February 11 called " Minimize the Impact of Patch Tuesday ".

Please register for my upcoming webinars.  This is real training for free. 

 

Managing File Permissions on Windows Server: There's More Than Meets the Eye  

Microsoft Audit Collection Services: How Does It Stack Up as a Security Log Solution?

Thanks as always for reading and best wishes on security,
Randy Franklin Smith

---

Subscription Information

 

Click here to change your email address or control what types of information you receive.

 

You can unsubscribe below but try fine-tuning what type of information I send you.  I have 5 different categories emails I send out - you can choose which to receive .

Click here to unsubscribe

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.