Filed under: OS Updates, Security, Windows, Microsoft
Microsoft releases critical patch for SMB vulnerability
by Lee Mathews Jan 13th 2009 at 5:15PM
Just because it's relatively quiet on Patch Tuesday doesn't mean the one bulletin that was released should be ignored.Microsoft today issued MS09-001 to address a critical vulnerability in the SMB protocol that could allow an attacker free reign to cause havoc via the NetBIOS ports (139 and 445). According to Microsoft, "an attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights."
Though it would be difficult for an attacker to successfully exploit the weakness, Microsoft advises that users of all versions of Windows from 2000 up download the appropriate patch immediately. It's worth noting that Windows 7 does not appear in the affected software list - whether we should be concerned about that fact remains to be seen.
Just what Linux and Mac users needed: another reason to deride SMB.
Reader Comments (Page 1 of 1)
victor.pimentel said 8:40PM on 1-13-2009
Actually, this affects Windows 7 too:
http://blogs.technet.com/msrc/archive/2009/01/13/january-2009-monthly-bulletin-release.aspx
While it's "critical" for Windows 2000, XP and 2003 Server, it has been tagged as "moderate" for Windows Vista, 7 and 2008 Server.
They have decided to not release the patch for Windows 7, I suppose Windows Betas are *really* Betas...
Reply
hazard said 9:15PM on 1-13-2009
MS is doing updates for the Beta, just depends on the type of issue involved. For instance, they have a patch out for problems with the Media Center and Player.
http://support.microsoft.com/kb/961367
The MP3 metadata bug is particularly nasty ..
"Every time that metadata is edited in an MP3 file that already contains lots of metadata in the file header, some audio at the beginning of the track may be lost permanently. Up to several seconds of audio may be lost.
.. Windows Media Player has a feature that adds metadata that is missing. This may include large album art. By default, this feature is turned on. Therefore, without action on your part, all MP3 files that have large headers in your Windows Media Player and Windows Media Center libraries are likely to lose some audio. Install the update to resolve this issue before you introduce MP3 files to the computer."
gonintendo said 10:40PM on 1-13-2009
Yeah, this happened to me, but i had a backup "music partition, just in case something like this happened.
hazard said 8:09AM on 1-14-2009
Nice to see you beating Engadget on this one, it's usually the other way around. Though I did notice that they lead the story with the MP3 corruption patch ;)
Reply
Jash Sayani said 10:33AM on 1-14-2009
Nice M$. This is why I prefer Apple.
After 9 years, they find a critical flaw in the OS !!!
Reply