Microsoft, RIM, Oracle release critical patches
Microsoft kept things to a minimum with its first set of security updates for 2009, but corporate system administrators who were expecting a quiet week got something else altogether, thanks to Oracle and Research In Motion.
Oracle is expected to release its quarterly Critical Patch Update Tuesday, which will include 41 security patches in its database and enterprise software products. On Monday, RIM released an "interim" patch for its BlackBerry Enterprise Server and BlackBerry Professional Software, fixing a critical flaw in the way those servers process PDF documents.
Microsoft's update is important, too. It fixes three bugs in the Windows Server Message Block (SMB) file and print service. "An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft said in its Security Bulletin explaining the problem.
The update is rated critical for Windows 2000, XP and Windows Server 2003, but moderate for Vista and Windows Server 2008. The beta version of Microsoft's upcoming Windows 7 operating system is affected by one of the flaws, but since Microsoft doesn't fix beta software in its monthly security updates, beta testers will have to wait until the next public release of Windows 7 for a fix.
Because of the nature of the flaws, Microsoft doesn't think that it's likely that attackers will be able to write attacks that let them install unauthorized software on a victim's machine, but one hacker has already released code that he says can be used to make an unpatched Vista system crash. That's known as a denial-of-service attack.
One of the hackers most likely to try to exploit these bugs, Metasploit developer HD Moore said Tuesday that he agreed with Microsoft's assessment. In a Twitter message Tuesday he said he was "giving up on finding exploitable vectors" for the bug.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
microsoft
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
