Microsoft, RIM, Oracle release critical patches

The beta version of Microsoft's upcoming Windows 7 operating system is affected by one of the flaws.

Microsoft kept things to a minimum with its first set of security updates for 2009, but corporate system administrators who were expecting a quiet week got something else altogether, thanks to Oracle and Research In Motion.

Oracle is expected to release its quarterly Critical Patch Update Tuesday, which will include 41 security patches in its database and enterprise software products. On Monday, RIM released an "interim" patch for its BlackBerry Enterprise Server and BlackBerry Professional Software, fixing a critical flaw in the way those servers process PDF documents.

Microsoft's update is important, too. It fixes three bugs in the Windows Server Message Block (SMB) file and print service. "An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft said in its Security Bulletin explaining the problem.

The update is rated critical for Windows 2000, XP and Windows Server 2003, but moderate for Vista and Windows Server 2008. The beta version of Microsoft's upcoming Windows 7 operating system is affected by one of the flaws, but since Microsoft doesn't fix beta software in its monthly security updates, beta testers will have to wait until the next public release of Windows 7 for a fix.

Because of the nature of the flaws, Microsoft doesn't think that it's likely that attackers will be able to write attacks that let them install unauthorized software on a victim's machine, but one hacker has already released code that he says can be used to make an unpatched Vista system crash. That's known as a denial-of-service attack.

One of the hackers most likely to try to exploit these bugs, Metasploit developer HD Moore, said Tuesday that he agreed with Microsoft's assessment. In a Twitter message Tuesday he said he was "giving up on finding exploitable vectors" for the bug.

In a Tuesday blog posting explaining the risks of an attack, Microsoft said that corporate users should patch "SMB servers and Domain Controllers immediately since a system DoS would have a high impact."

Microsoft did not release a much-anticipated patch for its SQL Server software Tuesday, and security experts say that the flaw is a prime candidate to be fixed in next month's updates, due Feb. 10. The researcher who disclosed the flaw said recently that Microsoft has known about the issue since April, and had written a patch for it back in September.

Microsoft also took steps to curb growing exploitation of a bug in its Windows Server service, which was patched late last year. On Tuesday, it released an updated version of its Malicious Software Removal Tool designed to root out a worm that has infected millions of PCs in the past few months. On Monday, Symantec said that it had seen computers from more than 3 million different Internet Protocol addresses try to connect with the worm's command and control server.

This worm, which is known by a variety of names including Downadup and Conficker, has been spreading with particular virulence over the past three weeks, security vendors said.

Although there will be a lot of new enterprise patches by day's end, Qualys Chief Technology Officer Wolfgang Kandek said he expected that most users would start with the Microsoft fix and take much more time to test the Oracle and BlackBerry updates. "People have high-value systems running on this, so they're very leery to disrupt their operations," he said.


Robert McMillan

IDG News Service