January 17th, 2008
Don't dawdle on Microsoft latest batch of patches
If you’re like most folks you are taking your time installing Microsoft’s latest round of security patches. However, you may want to get your rear end in gear.
Specifically apply MS08-001, which was released on Jan. 8. That patch fixed a Transmission Control Protocol/Internet Protocol (TCP/IP) processing vulnerability that was critical for XP and Vista.
The vulnerability if left unpatched could lead to a worm attack. Ryan Naraine interviews the hacker that brought the bug to Microsoft last August and the details are worrisome.
So how can this turn into a worm attack? Immunity has issued a proof of concept attack for the vulnerability (available to customers). It’s a just a matter of time before this code goes into the wild.
Ryan appears to be sold on the idea of a potential worm attack. I agree just based on odds–we haven’t been hit with a serious worm for two years.
Microsoft has noted that the latest flaw isn’t likely to lead to a worm attack in real-world conditions. Then again, Microsoft has spent some serious digital ink on its Security Vulnerability Research and Defense blog over MS08-001. “We think successful exploitation for remote code execution is not likely,” says Microsoft.
Is that a fact or a challenge? Hackers are likely to choose the latter.
Simply put, Microsoft didn’t have a lot of patches to kick off 2008, but the ones it delivered shouldn’t be ignored.
Naturally there are complications. The biggest one is that this patch may not be easy to install.
Holly Stewart at IBM ISS sums it up:
MS08-001 poses some unique problems from a remediation and protection standpoint. First of all, you have the update itself. It changes the core TCP/IP driver, and does so for a very good reason. If you don’t already know the severity of CVE-2007-0069 patched in MS08-001, let me just say a few words here…
* affects all currently supported Microsoft operating systems
* on by default except on 2003 Server
* remotely exploitable
* requires no user interaction
This equals bad.
In addition, this patch may break your apps.
Stewart writes:
Although I’m sure Microsoft has quality standards way beyond my wildest QA department fantasy, and I know they have a huge lab and excellent program dedicated to interoperability, it is difficult to predict how driver changes will interact with everything. If I were a customer running a network with a lot of home-grown apps that tapped into network drivers, this update would scare the bejesus out of me.
Scary your not, you need to take this Microsoft patch batch seriously. That said, I don’t envy IT folks that have to implement this patch. Critical patch and broken apps could be ahead.
Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic. See his full profile and disclosure of his industry affiliations.
