February 2009 Microsoft Security Bulletins

Filed Under: SophosLabs, Vulnerability

Despite the lack of high-profile vulnerabilities in Microsoft products discovered out-of-band in January, the February batch of Microsoft security bulletins brings patches for vulnerabilities that are bound to attract interest from malware writers, which also means that SophosLabs are very interested in discovering how to prevent potential attacks.

Probably the most interesting bulletin is MS09-002, which fixes a couple of vulnerabilities in Internet Explorer 7, both with the potential to allow remote code execution. Since infections through visits to malicious web pages are common, it is safe to expect that malware writers will invest time in finding out how to exploit these issues. We have not seen any successful attempts to exploit these vulnerabilities in the wild yet, but we will keep our eyes wide open and make sure we update you if we discover any.

MS09-003 is also quite interesting, as it has the potential to compromise Microsoft Exchange mail stores. As you know, Microsoft Exchange is the most commonly used SMTP server product in Windows environments, and the number of exposed hosts affected by this vulnerability is high. Furthermore, Exchange servers often store a lot of other confidential data, so it is very important that the security patch for this issue is applied as soon as possible. Again, we have not seen any samples actively exploiting this issue.


MS09-004 fixes a problem in Microsoft SQL Server. This vulnerability could potentially be exploited through SQL injection, and administrators are advised to apply the security patch as soon as possible, especially on servers exposed to web applications accessible from external networks.

As usual at SophosLabs, we have written our analysis of the patched vulnerabilities and assigned each of them a SophosLabs threat level:

MS09-002. Critical Cumulative Security Update for Internet Explorer (961260)
MS09-003. Critical Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
MS09-004. Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution


About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.