Published: 2009-01-20T07:06+00:00    Last Updated: 2009-01-22T01:11+00:00

JVNTR-2009-01
Microsoft Updates for Multiple SMB Protocol Vulnerabilities (TA09-013A)

Overview

In its bulletin for January 2009, Microsoft released updates to address vulnerabilities in the Server Message Block (SMB) Protocol that affect all supported versions of Microsoft Windows.

Event Information


Date (UTC)    Description
2009-01-21 18:56 Symantec
ThreatCON (2) => (1)
Microsoft Security Bulletin MS09-001 was released a week ago, but no public exploits or incidents of active exploitation targeting the vulnerability are known.
2009-01-14 02:28 JPCERT/CC
JPCERT-AT-2009-0001: January 2009 Microsoft Security Bulletin (including one critical patch)
2009-01-14 00:19 US-CERT
TA09-013A: Microsoft Updates for Multiple SMB Protocol Vulnerabilities
Via US-CERT Mailing List
2009-01-13 21:18 Microsoft
MS09-JAN: Microsoft Security Bulletin Summary for January 2009
Included in this advisory are updates for newly discovered vulnerabilities.
2009-01-13 21:12 SANS Internet Storm Center
January Black Tuesday Overview
Overview of the January 2009 Microsoft patches (KB article) and their status.
2009-01-13 18:28 Symantec
ThreatCON (1) => (2)
Microsoft has released its scheduled security update for January 2009. Customers are advised to install the update as soon as possible.
2009-01-13 18:09 US-CERT
Microsoft Releases January Security Bulletin
US-CERT Current Activity
Microsoft has released the Microsoft Security Bulletin Summary for January 2009. Included in this bulletin is an update to address a vulnerability in Microsoft Windows. This vulnerability may allow an attacker to execute arbitrary code.
2009-01-08 18:15 Microsoft
MS09-JAN: Microsoft Security Bulletin Advance Notification for January 2009
Included in this advisory are updates for newly discovered vulnerabilities.
2008-08-14 Zero Day Initiative (ZDI)
ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability
SMB Validation Remote Code Execution Vulnerability (MS09-001, CVE-2008-4835)
Vulnerability Reported
The specific flaw exists in the processing of SMB requests. By specifying malformed values during an NT Trans2 request an attacker can cause the target system to kernel panic thereby requiring a reboot of the system. Further manipulation can theoretically result in remote unauthenticated code execution.
2008-06-25 Zero Day Initiative (ZDI)
ZDI-09-001: Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability
SMB Buffer Overflow Remote Code Execution Vulnerability (MS09-001, CVE-2008-4834)
Vulnerability Reported
The specific flaw exists in the processing of SMB requests. By specifying malformed values during an NT Trans request an attacker can cause the target system to kernel panic thereby requiring a reboot of the system. Further manipulation can theoretically result in remote unauthenticated code execution.