The latest… latest, vulnerability analysis

Well, it’s about that time… Microsoft recently released their August 2009 Security Bulletin and, in turn, we’ve updated our vulnerability analysis page . This month’s update patches several important vulnerabilities that even the most diligent security-conscious web users should watch out for.

MS09-037MS09-038 and MS09-043 all resolve  vulnerabilities  ( in  Microsoft ATL,  .avi handling  and Microsoft Office Web Components )  that can allow an attacker to run code via drive-by browsing or accessing email attachments.

MS09-039 patches a vulnerability in WINS ( Windows Internet Name Service ). Though not a vulnerability that will affect Windows Desktops, it is worthy of attention as attackers can initiate this attack remotely. Attackers don’t require any operator-activity on the target system. If an attacker has network access to vulnerable WINS services – they can potentially exploit this to gain access to that system.

The disclosure I found the most interesting was MS09-042. MS09-042 fixes a challenge-response reflection vulnerability with some versions of Telnet. I’m not sure which part is the most interesting; that the NTLM challenge response could have been abused to gain access to the system initiating the connection – or that it was Telnet that was getting patched.

It’s been a while since I’ve used Telnet. Over the years Telnet gathered a reputation for not being the most secure protocol. When it was originally developed ( in the 1960s ! ) little to no attention was paid to security.  It appears Telnet’s come along way over the years, with new implementations like TLS-Telnet. The recent implementations aren’t as insecure as I initially supposed they’d be.

On a further historical note, it also appears that it’s been one year to the day since SophosLabs formed a dedicated vulnerability analysis team to post information about newly discovered exploitable vulnerabilities in Microsoft’s and other companies’ products.

If you’ve found our vulnerability posts to be valuable – or  have some suggestions for how we can better serve you, please let us know at sophosblog@sophos.com