MS09-001

MS09-001 is a super critical patch to install right away. This vulnerability is similar to what prompted the blaster and sasser worms a few years ago. We expect to see a worm released for this in the very near future.

This flaw enables an attacker to send evil packets to a Microsoft computer and take any action they desire on that computer – no credentials required. The only pre-requisite for this attack to be successful is a connection from the attacker to the victim over the NetBIOS (File and Printer Sharing) ports (tcp 139 or 445). By default, most computers have these ports turned on.

While these ports are usually blocked on Internet firewalls and personal firewalls, these ports are typically left open in a corporate network. If a worm is released, and that worm makes it into a corporate network, it will make swiss cheese of that network relatively quickly.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: