Shavlik apologizes for hyped Microsoft patch analysis

Shavlik CTO Eric Schultze said the Microsoft SMB bulletin could not be as easily exploited as he wrote in his initial analysis.

Shavlik CTO Eric Schultze has backed off an early analysis of the Microsoft SMB bulletin, apologizing to customers for issuing an analysis that called it a "super critical patch" that should be installed right away.


Microsoft's MS09-001 bulletin addressed two critical remote code execution vulnerabilities and a denial-of-service flaw in the way the server handles SMB packets. Other patch management experts called the security update a "fine tuning" of the earlier MS08-068 bulletin issued in November.

Schultze's initial comments warned that a worm could be released to exploit the flaw "in the near future."

"If a worm is released, and that worm makes it into a corporate network, it will make swiss cheese of that network relatively quickly," he said in a statement.

Microsoft updates:
Jan. 13 - Microsoft updates critical SMB server flaws: The latest Microsoft security update addresses two critical remote code execution vulnerabilities and a denial-of-service flaw in the Server Message Block.

Dec. 17 - Microsoft issues emergency patch to fix IE flaw: The software giant repaired a dangerous flaw being exploited if a user browses some legitimate websites.

Dec. 16 - Microsoft updates code analysis tool, SQL injection XSS library: The tools for developers help identify flaws to protect enterprise applications against SQL injection and cross-site scripting attacks.

Schultze said his commentary was based on an initial review of the Microsoft security bulletin. A further review of the bulletin summaries gave the flaws an exploitability index of 3, making functioning exploit code unlikely, Schultze said. An additional Microsoft blog post on the bulletin also made Schultze revise his initial comments.

"This is potentially a very bad flaw - but Microsoft has assured us that the knowledge required to exploit this is quite high, is unlikely to be available to the attacker, and even in those cases where the information can be obtained, the ability to actually get exploitable code is infinitesimally small, therefore the risk on this should be considered as something lower than the 'Critical' rating which Microsoft has assigned," Schultze wrote on the Shavlik website.

"So here's my official apology for crying wolf on this issue when I should have done my due diligence and read all three Microsoft locations before offering my opinion on this issue," he said.

Still, Schultze and other patch management specialists urge customers to deploy the patch. The update should be easy to deploy and will require a restart.
