Patch Tuesday Analysis for January 2009

There is one patch this month, affecting servers and some workstations: any computer running the Server service, which provides file sharing and many other server functions, including remote administration capabilities. The patch addresses 3 vulnerabilities in the Server service, one of which is a publicly disclosed denial-of-service hole. If we assume Microsoft discovered the other 2 remote code execution vulnerabilities while investigating the DoS hole, then it may not be long until others discover them and disclose them publicly. Given the ubiquity of the Server service, this would be a very attractive worm vector. Eric Schultz, former security update czar at Microsoft and now CTO at Shavlik, agrees: "MS09-001 is a super critical patch to install right away. This vulnerability is similar to what prompted the blaster and sasser worms a few years ago. We expect to see a worm released for this in the very near future." Therefore I recommend patching as soon as you complete basic testing in your environment; you will need to accelerate or skip testing if a worm is indeed released, so stay tuned.

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS09-001 (958687) | Arbitrary code / Server Service | Workstations, Servers | Yes / No | No | Critical | Win2000, XP, Vista, Server 2003, Server 2008 | None | Patch ASAP after testing in your environment |
