
Microsoft Patches Three Windows Security Holes

Microsoft yesterday pushed out a couple of patches to fix at least three separate security flaws in its various Windows operating systems, including one that could be especially dangerous for Windows home users.

The most serious update is included in the very first patch rollup issued for 2008, which corrects a "critical" security vulnerability present in Windows XP and Windows Vista. If left untouched, hackers could exploit it remotely to install unwanted software, merely by sending a specially crafted snippet of data to the victim's machine.

The vulnerability involves a weakness in the way Windows processes incoming "multicast" data packets over a network. Microsoft says that, without the benefit of this patch, even users who have availed themselves of the built-in Windows Firewall to protect themselves from unsolicited inbound Internet traffic would not be able to fend off an attack that exploited this vulnerability.

Security Fix spoke with Ben Greenbaum, a senior research manager for Internet security firm Symantec Corp., about the particulars of this flaw, and asked him what an attacker would need to do to successfully exploit this vulnerability. He told me that it was merely a matter of an attacker sending a maliciously crafted data packet to the victim's machine, and that the biggest threat from this flaw was for home users who hadn't set up any custom rules on their firewall software to block this type of traffic.

Naturally, the next question I had was: "So, by default, does that mean that the firewall bundled with Symantec's software [in things like Norton Internet Security] would not block this type of malicious traffic?" Greenbaum said he didn't know, and that he'd have to get back to me.

It turns out that the latest version of Norton Internet Security for businesses does block this type of traffic by default, but the consumer version does not. Vincent Weafer, senior director of Symantec Security Response, said the company may soon ship an update that changes that for consumer versions of its software.

I haven't taken a poll of any other software firewall makers, but it's probably safe to assume that others don't either. That said, I should note a couple of things: Regardless of whether Windows users protect their systems with a software or hardware firewall - or both, as I recommend - users have nothing to fear from this vulnerability so long as they apply this patch. Also, most hardware firewalls will drop the type of incoming Internet traffic that would be generated in the exploitation of this weakness.

The other two vulnerabilities deal with faulty Windows components that either are not enabled by default or can only be exploited by attackers with local access to the target system. For more information on the other updates released this month, check out this link.

Update, 3:16 p.m. Jan. 9: Microsoft's recently launched Security Vulnerability Research and Defense blog goes into quite a bit more detail on this month's patches and the hurdles that attackers might have to overcome to exploit these vulnerabilities. Microsoft's description of the critical network vulnerability discussed above indicates exploiting it may be quite tricky and unpredictable for the attacker. Read more at this link here.

By Brian Krebs  |  January 9, 2008; 10:43 AM ET
Categories:  From the Bunker , New Patches , Safety Tips  

Comments

"Security Fix spoke with Ben Greenbaum, a senior research manager for Internet security firm Symantec Corp., about the particulars of this flaw, and asked him what an attacker would need to do to successfully exploit this vulnerability. He told me that it was merely a matter of an attacker sending a maliciously crafted data packet to the victim's machine, and that the biggest threat from this flaw was for home users who hadn't set up any custom rules on their firewall software to block this type of traffic."

There's actually a lot more to it than that. The attacker would have to repeatedly attempt the attack in order to get lucky and execute the full attack before a random timer expires and the buffer is cleared.

At the same time, the attacker cannot just flood the machine with packets, because it will make the machine unresponsive and drop packets from the attacker.

Assuming he gets past all that, the attack is still likely to cause a bluescreen denial of service, rather than remote code execution.

More info here: http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-3-the-case-of-the-igmp-network-critical.aspx

Posted by: Arlington | January 9, 2008 11:21 AM | Report abuse

When are they going to roll back the "Stealth" update that made the Repair function of the XP install disc USELESS?

Posted by: Keith Warner | January 9, 2008 4:07 PM | Report abuse

Uh, anyone else notice that this update borks a lot of folks' internet connections, until they reset settings on Windows Firewall?

Posted by: Ted | January 9, 2008 8:52 PM | Report abuse

Brian

I am probably one of a number of your readers who are using Windows XP Pro that they had put on a computer they brought into work to use there.

I have since left that company and now use this computer at home. Apparently, tech support at my former company put TOO MANY copies of XP Pro on folks' machines and therefore previously Windows GUI software po-poed my version as not being legit.

I managed to get rid of GUI previously on my machine [abra kadabra] but windows updates keeps trying to download it again. Since I always use the 'custom install' option, along with download but do not install, how do I delete this download, so I don't have to keep looking at it every time updates show up?

Posted by: brucerealtor@gmail.com | January 12, 2008 1:15 AM | Report abuse

thanks for good services

Posted by: noor ali | January 23, 2008 6:01 AM | Report abuse

Why can't I just pick which updates I want to download? And why is it so damn tough to find where to download them??? I HATE MICROSOFT SOFTWARE!!!

Posted by: James | January 26, 2008 12:53 AM | Report abuse


The comments to this entry are closed.

 
 

© 2010 The Washington Post Company