October 8, 2009 12:07 PM PDT

Microsoft to patch zero-day SMB, IIS holes

by Elinor Mills
  • Font size
  • Print
  • 7 comments

Microsoft on Thursday said it will provide a fix next week for zero-day flaws in Microsoft Server Message Block (SMB) and Internet Information Services (IIS) that could allow an attacker to take control of a computer.

Those are just two of the 34 vulnerabilities addressed in 13 bulletins (eight of which are critical and five of which are rated important) that will be fixed during Patch Tuesday, according to a blog post on the announcement. The bulletins affect Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server, the advisory shows.

The SMB flaw was reported a month ago. At the time, Microsoft said it affected Vista, Windows Server 2008, and the "release candidate" version of Windows 7, but not the final version that was completed in July. Windows Server 2008 R2 is not vulnerable, and neither are the earlier Windows XP and Windows 2000 operating systems.

Microsoft, which previously released a temporary fix for the SMB hole, reported the IIS flaw in the File Transfer Protocol in August. Its its advisory says there have been limited attacks that use the IIS flaw exploit code, which was posted on the Milw0rm Web site, according to IDG News Service.

Update 2:56 p.m. PDT: Also on Thursday, Adobe Systems announced that it will release an update Tuesday that will resolve a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier on Windows, Macintosh and Unix that has reportedly been exploited in the wild in limited targeted attacks.

"Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista are protected from this exploit," Adobe said in an advisory. "Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible."

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Security,

Consumer software and hardware

Tags:

Microsoft,

Patch Tuesday,

Windows,

Office

Share:
Digg
Del.icio.us
Reddit
Recent posts from InSecurity Complex
Web-based Lookout protects mobile devices, data
Using Facebook and Twitter safely
Firefox, Adobe top buggiest-software list
Adobe to patch zero-day Reader, Acrobat hole
Keeping Uncle Sam from spying on citizens
Facebook sues men for allegedly phishing, spamming
Scammers exploit Google Doodle to spread malware
Symantec confirms zero-day Acrobat, Reader attack
Related
Firefox, Adobe top buggiest-software list
Microsoft plugs zero-day IE hole
Symantec confirms zero-day Acrobat, Reader attack
Microsoft to plug critical IE hole targeted by exploit code
Adobe to patch zero-day Reader, Acrobat hole
Week in review: A matter of antitrust
CNET News Daily Podcast: Facebook readies new privacy requirements
CNET News Daily Podcast: Google gets into the link-shrinking biz
Add a Comment (Log in or register) (7 Comments)
  • prev
  • 1
  • next
by shellcodes_coder October 8, 2009 8:10 PM PDT
At least the updates won't be like 200-300 MB like updates for OS X. Way to go :)
Reply to this comment
by dhavleak October 9, 2009 4:20 AM PDT
So unnecessary dude.. this is how everything turns into a useless flamewar..
by medanat October 9, 2009 9:31 AM PDT
No one is biting, good.
by slapppy October 9, 2009 11:29 AM PDT
Which Mac users have no problem doing on their own.

Unlike the itsy bitsy MS updates that MUST require IT intervention which helps fund their pay and jobs. If it were as smooth as Mac OS X updates, there will be less IT staffing required.
by darthgerber October 9, 2009 9:56 AM PDT
Elinor,
Do you know if Server 2003 is affected? Thanks!
Reply to this comment
by shellcodes_coder October 10, 2009 8:28 AM PDT
nope it's not
by dagensitforreal October 10, 2009 4:03 PM PDT
What I would like from Microsoft is a OS that is just up and running - with all it's under laying components like just work...
Why the h**l does the OS always need patches and fixes???
It takes to much time out of my life. Jobs is by no way a saviour. But...so much easier on the mind.
Windows-talibans are usually found in corp IT DEPT...
Reply to this comment
(7 Comments)
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About InSecurity Complex

Elinor Mills became fascinated with hacker culture when she was sent to Las Vegas to cover DefCon in 1995. Since then, script kiddies have given way to cyber criminals targeting bank passwords, and privacy risks are everywhere, from Google to Facebook and the iPhone. InSecurity Complex keeps tabs on the flaws, the foibles, and the fixes.

Add this feed to your online news reader

InSecurity Complex topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET