Shavlik CTO Eric Schultze has backed off an early analysis of the Microsoft SMB bulletin, apologizing to customers...
for issuing an analysis that called it a "super critical patch" that should be installed right away.
Microsoft's MS09-001 bulletin, addressed two critical remote code execution vulnerabilities and a denial-of-service flaw in the way the server handles SMB packets. Other patch management experts called the security update a "fine tuning" of an earlier MS08-068 bulletin issued in November.
Schultze's initial comments warned that a worm could be released to exploit the flaw "in the near future."
"If a worm is released, and that worm makes it into a corporate network, it will make swiss cheese of that network relatively quickly," he said in a statement.
Schultze said his commentary was based on an initial review of the Microsoft security bulletin. A further review of the bulletin summaries gave the flaws an exploitability index of 3, making functioning exploit code unlikely, Schultze said. An additional Microsoft blog post on the bulletin also made Schultze revise his initial comments.
"This is potentially a very bad flaw - but Microsoft has assured us that the knowledge required to exploit this is quite high, is unlikely to be available to the attacker, and even in those cases where the information can be obtained, the ability to actually get exploitable code is infinitesimally small, therefore the risk on this should be considered as something lower than the 'Critical' rating which Microsoft has assigned," Schultze wrote in the Shavlik website.
"So here's my official apology for crying wolf on this issue when I should have done my due diligence and read all three Microsoft locations before offering my opinion on this issue," he said.
Still, Schultze and other patch management specialists urge customers to deploy the patch. The update should be easy to deploy and will require a restart.