Multiple critical patches – a busy day

Today marks the largest patch Tuesday ever from our friends in Redmond with 13 vulnerabilities addressed, covering a total of 34 potential exploits. Three of the exploits have had public code posted while 11 of them are rated as likely to be consistently exploitable.

The most alarming vulnerability this month is MS09-050, which according to its discoverer, was introduced by the patch for MS07-063. MS09-050 was first published publicly on security researcher Laurent Gaffié’s blog on September 7th outlining a denial of service vulnerability in SMB 2.0, specifically the srv2.sys driver. You might remember some of the buzz when this was first released as several people immediately added that that this was not only a denial of service, but could easily lead to remote code execution. What should be just as concerning for Microsoft, however, is the fact that the vulnerability affects Windows Vista and Windows 7 machines and not Windows XP – not an encouraging sign.

Included in this patch are also updated kill bits for ActiveX controls ala MS09-035, which if you remember was related to several vulnerabilities in ATL. Also, MS09-060 appears to address these vulnerabilities as they pertain to MS Office. It’s less than settling to see this vulnerability still has not been fully patched.
Another highly visible patch this month is the fix for the SSL certificate impersonation vulnerability, MS09-056. Those who attended Blackhat LV in July won’t have forgotten that this was the exploit being enthusiastically described to a standing room only audience by Moxie Marlinspike. Interestingly enough, this vulnerability was discovered by Dan Kaminsky.

As always, make sure to apply these patches as soon as possible and especially this month if you are using Windows Vista or later with SMB enabled!