This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.
from: Marc Liron:Microsoft MVP
Microsoft today released a series of patches to cover security issues in the Windows operating system and Office.Here are the details on this month’s critical bulletins:MS09-050 – Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service.
from: Tenable Network Security
Black Tuesday This month Microsoft released 13 new security advisories. While 13 sounds like a moderate number, digging into each of the security advisories reveals that each one actually patches multiple vulnerabilities, bringing the grand total to 34 individual vulnerabilities. Couple that with the recent Adobe announcements disclosing 29 vulnerabilities with the Adobe Reader product and release of the associated patches and administrators have their work cut out for them .(Note that Nessus plugins have been released to detect these vulnerabilities, refer to plugin id 42119 and 42120 ).
from: Cliff Hobbs - FAQShop.com and Microsoft MVP ConfigMgr/ SMS
Summary The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details. * MS09-062 - Critical * MS09-059 - Important * MS09-055 - Critical * MS09-051 - Critical * MS09-050 - Critical * MS09-046 - Critical Bulletin Information: * MS09-062 - Critical - http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx - Reason for Revision: V1.1 (October 14, 2009):
from: Red Gecko
Ladies and gentlemen, we have a new record. Microsoft's Security Bulletin for October 2009 consists of a whopping 13 patches that address 34 outstanding vulnerabilities. I suppose the good news is that the SMB flaw that's had exploit code in the wild for the last month is included in the patch release, so we'll finally have some closure on that. Two critical patches target Windows 7, making them the first fixes officially released by Microsoft for their newest platform.
from: Microsoft Windows
What an utter disaster this month has been for Microsoft on the security patches. I had a chance to start working on this edition before the security patches were announced, and I was so pleased at how few items there were. And then, we saw 13 (yes, thirteen ) security bulletins published, most of which are for “critical” vulnerabilities. The silver lining is that Windows 7 and Windows Server 2008 R2 were barely scathed, and most of the time, it was for shared components, not the operating system itself.
from: Longjidin's Kg Lengkong to Bukit Lada
The recent SMBv2 vulnerability (CVE-2009-3103) in Microsoft Windows has gotten a lot of attention in the past few weeks. We decided that given the publicity and nature of the vulnerability, it would be interesting to post a threat analysis. With the release of Stephen Fewer’s Metasploit module to exploit this vulnerability, technical details of the vulnerability are now publicly available.Our analysis was limited to static binary analysis of srv2.sys and srvnet.sys.
from: Thoughts of a Technocrat
On Sept 7th, Laurent Gaffié released a security advisory and a Proof of Concept code on his blog that generated a B.S.O.D in Windows Vista, Server 2008 array indexing error in the srv2.sys kernel driver . This can be exploited to dereference out-of-bounds memory via a specially crafted SMB packet. On Sept 8th, Microsoft released Security Advisory (975497) indicating they were investigating new public reports of a possible vulnerability in Microsoft Server Message Block (SMB) implementation.
from: Visible Procrastinations
A current zero day in the MS SMB2 protocol that deserves attention. … Our investigation has shown that Windows Vista, Windows Server 2008 and Windows 7 RC are affected by this vulnerability. Windows 7 RTM, Windows Server 2008 R2, Windows XP and Windows 2000 are not affected by this vulnerability. … [1] … The exploit needs no authentication, only file sharing enabled with one 1 packet to create a BSOD. We recommend filtering access to port TCP 445 with a firewall.
from: ThreatBlog
Some traffic has crossed my radar concerning a 0-day exploit that apparently enables a remote attacker to crash a Vista or Windows 7 system with SMB enabled (and according to subsequent reports, Server 2008). The original post and exploit are claimed to demonstrate the possibility of a Blue Screen Of Death (BSOD) and (normally) an automatic reboot when the SMB2 driver fails to handle malformed headers correctly.
