Dont Dawdle On Microsoft Latest Batch Of Patches
By Larry Dignan
January 17th, 2008

If you’re like most folks you are taking your time installing Microsoft’s latest round of security patches. However, you may want to get your rear end in gear. Specifically apply MS08-001, which was released on Jan. 8. That patch fixed a Transmission Control Protocol/Internet Protocol (TCP/IP) processing vulnerability that was critical for XP and Vista.

The vulnerability if left unpatched could lead to a worm attack. Ryan Naraine interviews the hacker that brought the bug to Microsoft last August and the details are worrisome. So how can this turn into a worm attack? Immunity has issued a proof of concept attack for the vulnerability (available to customers). It’s a just a matter of time before this code goes into the wild.

Ryan appears to be sold on the idea of a potential worm attack. I agree just based on odds–we haven’t been hit with a serious worm for two years. Microsoft has noted that the latest flaw isn’t likely to lead to a worm attack in real-world conditions. Then again, Microsoft has spent some serious digital ink on its Security Vulnerability Research and Defense blog over MS08-001.

“We think successful exploitation for remote code execution is not likely,” says Microsoft. Is that a fact or a challenge? Hackers are likely to choose the latter. Simply put, Microsoft didn’t have a lot of patches to kick off 2008, but the ones it delivered shouldn’t be ignored. Naturally there are complications. The biggest one is that this patch may not be easy to install.

ZDNET Blogs
complete article