Microsoft has released its MS09 series by patching a highly critical SMB vulnerability affecting Win2k, Win2k3, Winxp and even Vista and Win2k8.

Microsoft ratings are as mentioned below:

Table below summarizes the exposure of each version of Windows.

However the possiblities of the two RCE vulnerabilities affecting all Windows version are unlikely to result in functioning exploit code as stated in the Microsoft exploitability index

The reason being:

• The vulnerabilities cause a fixed value (zero) to be written to kernel memory – not data that the attacker controls.
• Controlling what data is overwritten is difficult. To exploit this type of kernel buffer overrun, an attacker typically needs to be able to predict the layout and contents of memory. The memory layout of the targeted machine will depend on various factors such as the physical characteristics (RAM, CPUs) of the system, system load, other SMB requests it is processing, etc.

However, it should be on top to-do lists for any system guy as its impact is very high. I am on it!!!

Similar Posts you might be interested in:

• Microsoft 10 Feb – patch tuesday
• Patch Tuesday – March 11 , 2009
• Microsoft intending to release 2 out-of-band vulnerbilities