Microsoft, RIM, Oracle release critical patches

The beta version of Microsoft's upcoming Windows 7 operating system is affected by one of the flaws.

Microsoft kept things to a minimum with its first set of security updates for 2009, but corporate system administrators who were expecting a quiet week got something else altogether, thanks to Oracle and Research In Motion.

Oracle is expected to release its quarterly Critical Patch Update Tuesday, which will include 41 security patches in its database and enterprise software products. On Monday, RIM released an "interim" patch for its BlackBerry Enterprise Server and BlackBerry Professional Software, fixing a critical flaw in the way those servers process PDF documents.

Microsoft's update is important, too. It fixes three bugs in the Windows Server Message Block (SMB) file and print service. "An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft said in its Security Bulletin explaining the problem.

The update is rated critical for Windows 2000, XP and Windows Server 2003, but moderate for Vista and Windows Server 2008. The beta version of Microsoft's upcoming Windows 7 operating system is affected by one of the flaws, but since Microsoft doesn't fix beta software in its monthly security updates, beta testers will have to wait until the next public release of Windows 7 for a fix.

Because of the nature of the flaws, Microsoft doesn't think that it's likely that attackers will be able to write attacks that let them install unauthorized software on a victim's machine, but one hacker has already released code that he says can be used to make an unpatched Vista system crash. That's known as a denial-of-service attack.

One of the hackers most likely to try to exploit these bugs, Metasploit developer HD Moore said Tuesday that he agreed with Microsoft's assessment. In a Twitter message Tuesday he said he was "giving up on finding exploitable vectors" for the bug.

In a Tuesday blog posting explaining the risks of an attack, Microsoft said that corporate users should patch "SMB servers and Domain Controllers immediately since a system DoS would have a high impact."

Microsoft did not release a much-anticipated patch for its SQL Server software Tuesday, and security experts say that the flaw is a prime candidate to be fixed in next month's updates, due Feb. 10. The researcher who disclosed the flaw said recently that Microsoft has known about the issue since April, and had written a patch for it back in September.

Microsoft also took steps to curb growing exploitation of a bug in its Windows Server service, which was patched late last year. On Tuesday, it released an updated version of its Malicious Software Removal Tool designed to root out a worm that has infected millions of PCs in the past few months. On Monday, Symantec said that it had seen computers from more than 3 million different Internet Protocol addresses try to connect with the worm's command and control server.

This worm, which is known by a variety of names including Downadup and Conficker, has been spreading with particular virulence over the past three weeks, security vendors said.

Although there will be a lot of new enterprise patches by day's end, Qualys Chief Technology Officer Wolfgang Kandek said he expected that most users would start with the Microsoft fix and take much more time to test the Oracle and BlackBerry updates. "People have high-value systems running on this, so they're very leery to disrupt their operations," he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags WindowsRIMOracle

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?