It’s Patch Tuesday and you need to patch


Microsoft released two patches today.  One is marked Critical and the other is marked Important.  They are:

Microsoft Security Bulletin MS08-069 – Critical

Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

And

Microsoft Security Bulletin MS08-068 – Important

Vulnerability in SMB Could Allow Remote Code Execution (957097)

If you’re running a client computer (Windows 2000 Pro, Windows XP, or Windows Vista), then you need to patch these right away.  On your Servers you can test the patches first, but I wouldn’t spend too long on it (by next Monday at the latest).

MS08-069 concerns the XML Core Services.  This fixes CVE-2007-0099, CVE-2008-4029, and CVE-2008-4033.  If the user goes to a malicious website, the site may be able to execute programs with the level of privilege that the user has.  That means if it’s an Administrator account, they’ll have full privileges.  If it’s a limited user, they won’t have as many.

Also, whether Microsoft considers this Critical (XML Core Services 3.0) or Important (XML Core Services 4.0, 5.0 and 6.0) depends on which version of XML Core Services you’re running.  But if it is there, you need to get it.

It looks like the main problems are Remote Code Execution in XML Core Services 3.0 and Information Disclosure in the rest.

MS08-068

This issue lies in the Server Message Block (SMB) Protocol.  This is the protocol used for logging into the shared folders over a network (especially if you’re running a mixed network of Windows, Linux/Unix, and/or Macintoshes).  It has other uses as well.

If an attacker is successful in exploiting this vulnerability, they can execute code, create or remove folders and programs, and create or remove user accounts.  Like the XML Core Services vulnerability above, a limited user has fewer capabilities than an Administrator.

On Windows 2000 through 2003, this is listed as Important.  Also, on Windows 2000 and XP SP2, it replaces the following Security bulletins: MS06-030 (2000 SP4) and MS05-011 (XP SP2).  For Windows Vista and Server 2008, this is listed as Moderate.

The Internet Storm Center lists both of these vulnerabilities as Critical on clients and Important on Servers.  Also, neither of the Microsoft bulletins mentions the Windows 7 Beta; however, if you’re lucky enough to be running that, I suggest checking for updates anyhow, especially since you may have one of the XML Core Services installed (with Office or for another reason).
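To see where a machine stands, the following PowerShell check lists the XML Core Services versions it finds, along with the MS08-069 severity given above, and then looks for the MS08-068 update. It is an added example, not part of the original post or Microsoft's bulletins. It assumes the MSXML DLLs are in their usual default locations and that the SMB update is registered under the bulletin's KB number (957097).

```powershell
# Added example, not from the original post. The DLL paths are the usual
# default install locations and are an assumption about the machine.

# Severity per MSXML major version, as stated in the post for MS08-069.
$severity = @{ 3 = 'Critical'; 4 = 'Important'; 5 = 'Important'; 6 = 'Important' }

# MSXML 3.0, 4.0 and 6.0 live in the system directory; MSXML 5.0 ships with Office.
$patterns = @(
    (Join-Path $env:SystemRoot 'System32\msxml[3-6].dll'),
    (Join-Path $env:SystemRoot 'SysWOW64\msxml[3-6].dll')
)
foreach ($root in @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)})) {
    if ($root) { $patterns += Join-Path $root 'Microsoft Shared\OFFICE*\msxml5.dll' }
}

# Columns for the report; the major version is taken from the file name (msxml3 -> 3).
$columns = @(
    @{ Name = 'MsxmlMajor';  Expression = { [int]($_.BaseName -replace '\D', '') } },
    @{ Name = 'FileVersion'; Expression = { $_.VersionInfo.FileVersion } },
    @{ Name = 'Severity';    Expression = { $severity[[int]($_.BaseName -replace '\D', '')] } },
    @{ Name = 'Path';        Expression = { $_.FullName } }
)

$installed = foreach ($pattern in $patterns) {
    Get-Item -Path $pattern -ErrorAction SilentlyContinue |
        Select-Object -Property $columns
}

if ($installed) {
    $installed | Sort-Object MsxmlMajor | Format-Table -AutoSize
} else {
    'No MSXML DLLs found in the default locations.'
}

# MS08-068: look for the SMB update under the KB number the post gives (957097).
# Assumption: the update is recorded under that same KB number on this system.
$smb = Get-HotFix -Id 'KB957097' -ErrorAction SilentlyContinue
if ($smb) { 'KB957097 (MS08-068) is installed.' } else { 'KB957097 (MS08-068) was not found.' }
```

Compare the FileVersion values against the file tables in the MS08-069 bulletin to confirm each MSXML version has actually been updated.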

Have a great day:)

Patrick.
