Overview of the September 2009 Microsoft patches and their status.
We will update issues on this page for about a week or so as they evolve.
We appreciate updates.
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
(**): If installed.
(***): Critical of ISA servers
Update 1: All KB and CVE links have been updated
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Guy 523 Posts ISC Handler Sep 8th 2009
Sep 8th 2009 1 decade ago
I think you got the criticality on MS09-048 backwards. If you're running Server 2008, there's a possibility of remote code execution without any authentication if you have any TCP ports open (most servers will have at least one port open, and RCE means wormable . . .). Also, the DoS attack that Server 2003 is vulnerable to appears to be merely preventing new inbound TCP connections, and that's more likely to cause problems for a server administrator than a workstation user.
I am a bit miffed that Microsoft isn't releasing an update for XP even though it sounds like it's just as vulnerable to the DoS attacks as the other OSes. Their excuse is that XP SP2/SP3 ships without any exceptions in the firewall, therefore a fix isn't required. But the minute you install anything that requires a firewall exception, the vulnerability rears its ugly head (and I smack mine). That said, at least it appears to be a relatively benign DoS vulnerability, not one that triggers a BSOD.
Anonymous
Sep 8th 2009 1 decade ago
MS09-047 has the wrong KB #.
I think you want KB973812. (http://support.microsoft.com/kb/973812)
Anonymous
Sep 9th 2009 1 decade ago
So is anyone going to release/create an XP patch manually, that the SANS would be willing to vet?
Anonymous
Sep 15th 2009 1 decade ago