By Walaika Haskins TechNewsWorld
01/14/09 2:47 PM PT
For its latest regular Patch Tuesday booster shot, Microsoft snuffed out vulnerabilities surrounding its Server Message Block Protocol. The vulnerabilities allowed hackers to bust into unpatched computers and do what they please -- create accounts, install software under the radar, etc.
Microsoft (Nasdaq: MSFT) issued a critical software update Tuesday, plugging three vulnerabilities in all versions of its Windows operating system. The three flaws, two of which were reported privately and the third of which was publicly disclosed, deal with a hole in the Microsoft Server Message Block (SMB) Protocol.
The vulnerabilities could enable an attacker who successfully exploits them to install programs; view, change or delete data; or create new accounts with full user rights. The security update addresses the flaws by validating the fields inside the SMB packets, according to Microsoft.
The software maker rated two of the security holes -- CVE-2008-4834 and CVE-2008-4835 -- as critical in Windows 2000, Windows XP and Windows Server 2003. The third flaw -- CVE-2008-4114, which also affects those OSes -- was given a moderate rating. The same vulnerabilities in Windows Vista and Windows Server 2008 were given a moderate rating by Microsoft.
The flaws are serious, insofar as exploits could lead to remote code execution and thereby to hackers controlling an affected computer, said Richard Wang, U.S. SophosLabs manager.
"However, we have not yet seen any malicious software taking advantage of this vulnerability," he told TechNewsWorld.
Critical Situation
The first two flaws concern unauthenticated remote code execution vulnerabilities, which exist in the way that Microsoft SMB Protocol handles specially crafted SMB packets. Efforts by hackers to exploit the flaws would not require authentication, thereby allowing attackers to exploit the vulnerabilities by sending a specially crafted network message to a computer running the Server service. Most attempts to exploit the security hole would result in a system denial of service condition; however, remote code execution is possible, at least theoretically, Microsoft said.
"CVE-2008-4834 and CVE-2008-4835 both allow remote code execution, meaning that a computer that is connected to the Internet is at risk. A remote attacker can install and execute programs, compromise the confidentiality, integrity or availability of sensitive data, and create administrator accounts," Chris Rodriguez, an analyst at Frost & Sullivan, told TechNewsWorld.
The remaining problem rests with a denial of service vulnerability that exists in the way that Microsoft SMB Protocol software handles specially crafted SMB packets. As with the other two flaws, an attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the service. Unlike the other vulnerabilities addressed in the patch, if an attacker successfully exploits the flaw, it could cause the user's computer to stop responding and restart.
Get the Shot
Microsoft recommends that Windows users install the security update immediately.
If a system is left unpatched, "it is possible hackers will be able to exploit this vulnerability to break into networks and install their own programs," Wang noted.
While no exploits have been detected that take advantage of these vulnerabilities, according to Rodriguez, businesses should be on guard.
"Organizations must vigilantly watch firewall configurations and close unnecessary ports on their computers," he pointed out.