Microsoft just released their monthly patches.
They contain:
- one important patch (LSASS, local exploit). In my opinion, especially important for systems like terminal servers or shared multi-user systems.
- **one highly critical patch (vulnerability in TCP/IP stack)**
The reason why I am writing about this and have put the TCP/IP vulnerability in bold is that this is one which goes against the trend. It is a remotely exploitable vulnerability at the network level. A crafted IGMP/ICMP message triggers the exploit. Even Vista is vulnerable out of the box (for the IGMP part, not for the ICMP part).

While the trend is moving more and more toward 3rd party applications and away from pure network worms, this is a vulnerability which is perfect for creating a network worm. It can be mitigated by classic protections:
<quote from Microsoft>
Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. Perimeter firewalls that block multicast traffic (IGMPv3 and MLDv2 specifically) help protect internal network assets from this attack that originate outside of the enterprise perimeter.
</quote from Microsoft>
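
The perimeter rule in the quote depends on telling IGMPv3 and MLDv2 apart from other traffic. The following is an added example (not from Microsoft or the original post) of that classification over raw IP packets, using the message types and lengths from RFC 3376 and RFC 3810; the function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

IGMP, ICMPV6, HOP_BY_HOP = 2, 58, 0   # IP protocol / next-header numbers

def packed(addr: str) -> bytes:
    return ipaddress.ip_address(addr).packed

def classify(pkt: bytes) -> str:
    """Classify a raw IP packet as 'IGMPv3', 'MLDv2' or 'other'."""
    if len(pkt) >= 20 and pkt[0] >> 4 == 4:
        ihl = (pkt[0] & 0x0F) * 4
        igmp = pkt[ihl:struct.unpack("!H", pkt[2:4])[0]]
        if ihl < 20 or pkt[9] != IGMP or len(igmp) < 8:
            return "other"
        # RFC 3376: 0x22 is the v3 report; a 0x11 query is v3 when >= 12 bytes
        if igmp[0] == 0x22 or (igmp[0] == 0x11 and len(igmp) >= 12):
            return "IGMPv3"
    elif len(pkt) >= 40 and pkt[0] >> 4 == 6:
        end = 40 + struct.unpack("!H", pkt[4:6])[0]
        nxt, off = pkt[6], 40
        if nxt == HOP_BY_HOP and len(pkt) >= off + 8:
            # MLD carries Router Alert in a Hop-by-Hop header; step over it
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        icmp = pkt[off:end]
        if nxt != ICMPV6 or len(icmp) < 4:
            return "other"
        # RFC 3810: 143 is the v2 report; a 130 query is v2 when >= 28 bytes
        if icmp[0] == 143 or (icmp[0] == 130 and len(icmp) >= 28):
            return "MLDv2"
    return "other"

def verdict(pkt: bytes) -> str:  # perimeter decision per the quoted advice
    return "drop" if classify(pkt) != "other" else "pass"

def ipv4(payload: bytes, dst: str) -> bytes:
    """Constructed sample: IPv4 + Router Alert option carrying IGMP."""
    hdr = struct.pack("!BBHHHBBH", 0x46, 0, 24 + len(payload), 0, 0, 1, IGMP, 0)
    return hdr + packed("192.0.2.10") + packed(dst) + bytes.fromhex("94040000") + payload

def ipv6(icmp: bytes) -> bytes:
    """Constructed sample: IPv6 + Hop-by-Hop (Router Alert, PadN) + ICMPv6."""
    hbh = bytes([ICMPV6, 0]) + bytes.fromhex("050200000100")
    hdr = struct.pack("!IHBB", 0x60000000, len(hbh) + len(icmp), HOP_BY_HOP, 1)
    return hdr + packed("fe80::1") + packed("ff02::16") + hbh + icmp

IGMPV3_REPORT = ipv4(bytes([0x22, 0, 0, 0, 0, 0, 0, 1, 4, 0, 0, 0, 239, 1, 1, 1]), "224.0.0.22")
IGMPV2_REPORT = ipv4(bytes([0x16, 0, 0, 0, 239, 1, 1, 1]), "239.1.1.1")
MLDV2_REPORT = ipv6(bytes([143, 0, 0, 0, 0, 0, 0, 1, 4, 0, 0, 0]) + packed("ff02::1:ff00:1"))
MLDV1_QUERY = ipv6(bytes([130, 0, 0, 0, 0x27, 0x10, 0, 0]) + bytes(16))
```

Checksums in the sample packets are left at zero because the classifier does not verify them; older IGMPv2 and MLDv1 messages fall through as "other" so the rule stays as narrow as the quoted guidance.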
Another observation is that over the past months, we have seen several vulnerabilities for MS Vista. Interestingly enough, Windows Vista was the first OS to be spawned from Microsoft’s Security Development Lifecycle, a process designed to produce more secure products. Although Microsoft is one of the ONLY software vendors who follow these strict security development and patching guidelines (not even security vendors like McAfee, Symantec, ... do so!), it is not perfect yet. But at least they are already on a good path.







