MISCELLANEOUS

MS09-001 – It's A Big(-ish) Deal This Time

Covering again the vulnerability beat this week, only from a more mundane angle: this one's a biggie, folks and folkettes, and you'd be well-advised to let Windows auto-update do its thing (or at least, test and patch at your earliest convenience, but then, if that kind of thing is part of a regular breakfast for you, what are you doing here?).

MS09-001 resolves three vulnerabilities in the SMB protocol implementation, two of them leading straight to unauthenticated, remote code execution (read: total ownership of affected systems on a first-come-first-serve basis) and a mere denial of service condition.

Before you start thinking that these are all bad things that may happen in your future and hence ignorable, take a moment to appreciate the facts.

All versions of Windows up to and including 7 are vulnerable in their unpatched state, firewalled systems may be spared yet corporate PC’s rarely are firewalled from one another – which would give a potential worm plenty of room to spread – and that, in fact, there is a rumour around the block that there may already be exploit code in the wild for one or more of these vulnerabilities.

Patch now. Nobody would benefit from two Downadup-sized epidemics in one month – except virus writers.

About the author

Răzvan STOICA

Razvan Stoica is a journalist turned teacher turned publicist and
technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking.

Razvan Stoica started off writing for a science monthly and was the chief
editor of a science fiction magazine for a short while before moving on to
the University of Medicine in Bucharest where he lectured on the English
language. Recruited by Bitdefender in 2004 to add zest to the company's
online presence, he has fulfilled a bevy of roles within the company since.

In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.