Microsoft fixes critical Windows kernel, WINS flaws

Microsoft today shipped three security bulletins with fixes for at least 8 documented vulnerabilities affecting millions of Windows OS users.

The most serious of this month's patch batch is rated "critical" and could allow full remote execution attacks if a Windows user is simply lured into viewing a booby-trapped image file.

The skinny on the March 2009 bulletins:

• MS09-006: (CRITICAL) Provides cover for three newly discovered and privately reported vulnerabilities in Windows, which could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system.  These vulnerabilities affect all versions of Windows, including Vista and Windows Server 2008.  Microsoft expects to see exploit code for these flaws but reckons the reliability will be "inconsistent."
• MS09-007: (IMPORTANT): This bulletin includes a patch for a solitary vulnerability in Windows, which could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.  Again, Microsoft says "inconsistent exploit code" is likely.   The bulletin is available for all versions of Windows -- Windows 2000 through Windows Server 2008.
• MS09-008 (IMPORTANT): This update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows , which could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. Microsoft says the patches correct the way that Windows DNS servers cache and validate queries, and by modifying the way that Windows DNS servers and Windows WINS servers handle WPAD and ISATAP registration.  For these issues, Microsoft warns that "consistent exploit code" is likely.

Windows users should treat the "critical" bulletin with the highest possible priority.