Don't dawdle on Microsoft's latest batch of patches

Summary: If you're like most folks, you are taking your time installing Microsoft's latest round of security patches. However, you may want to get your rear end in gear.

TOPICS: Microsoft, Security

Specifically, apply MS08-001, which was released on Jan. 8. That patch fixes a vulnerability in Windows' Transmission Control Protocol/Internet Protocol (TCP/IP) processing that Microsoft rates critical for XP and Vista.

The vulnerability, if left unpatched, could lead to a worm attack. Ryan Naraine interviews the hacker who brought the bug to Microsoft last August, and the details are worrisome.

So how can this turn into a worm attack? Immunity has issued a proof-of-concept attack for the vulnerability (available to its customers). It's just a matter of time before this code goes into the wild.

Ryan appears to be sold on the idea of a worm attack. I agree, if only on the odds: we haven't been hit with a serious worm for two years.

Microsoft has said that the flaw isn't likely to lead to a worm attack under real-world conditions. Then again, Microsoft has spent some serious digital ink on its Security Vulnerability Research and Defense blog over MS08-001. "We think successful exploitation for remote code execution is not likely," says Microsoft.

Is that a fact or a challenge? Hackers are likely to choose the latter.

Simply put, Microsoft didn't have a lot of patches to kick off 2008, but the ones it delivered shouldn't be ignored.

Naturally there are complications. The biggest one is that this patch swaps out the core TCP/IP driver, so it needs more testing before deployment than a typical update.

Holly Stewart at IBM ISS sums it up:

MS08-001 poses some unique problems from a remediation and protection standpoint. First of all, you have the update itself. It changes the core TCP/IP driver, and does so for a very good reason. If you don't already know the severity of CVE-2007-0069 patched in MS08-001, let me just say a few words here...

* affects all currently supported Microsoft operating systems
* on by default except on 2003 Server
* remotely exploitable
* requires no user interaction

This equals bad.

In addition, this patch may break applications that hook into the network stack.

Stewart writes:

Although I'm sure Microsoft has quality standards way beyond my wildest QA department fantasy, and I know they have a huge lab and excellent program dedicated to interoperability, it is difficult to predict how driver changes will interact with everything. If I were a customer running a network with a lot of home-grown apps that tapped into network drivers, this update would scare the bejesus out of me.

Scared or not, you need to take this Microsoft patch batch seriously. That said, I don't envy the IT folks who have to deploy it: a critical patch and broken apps could both be ahead.
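A check a practitioner would want at this point, added here as an example (it is not code from this post, from Microsoft or from IBM ISS): a read-only PowerShell audit that reports whether a host has the MS08-001 update installed, whether the interim IGMP/MLD workaround is in place, and which tcpip.sys it is actually running, so a test machine can be compared before and after the update lands. It assumes the update's KB number (941644), the IGMPLevel registry value used as the XP/2003 workaround and the netsh MLD setting used on Vista, all taken from the MS08-001 bulletin rather than from this page, and it assumes netsh labels that setting "MLD Level" in its output.

```powershell
# Added example, not from the ZDNet post or the MS08-001 bulletin text.
# Assumptions (from the bulletin, not this page):
#   - the update ships as KB941644;
#   - the XP/2003 workaround is HKLM\...\Tcpip\Parameters\IGMPLevel = 0;
#   - the Vista workaround is "netsh interface ipv4 set global mldlevel=none".
# Run in an elevated PowerShell. The script only reads; it changes nothing.

$kb = 'KB941644'
$hotfix = Get-WmiObject -Class Win32_QuickFixEngineering |
          Where-Object { $_.HotFixID -eq $kb } |
          Select-Object -First 1

# The driver the update replaces; version and timestamp show whether it changed.
$tcpip        = Get-Item "$env:SystemRoot\System32\drivers\tcpip.sys"
$tcpipVersion = $tcpip.VersionInfo.FileVersion

# XP/2003 workaround: IGMPLevel = 0 disables IGMP processing.
$params    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$igmpLevel = (Get-ItemProperty -Path $params -Name IGMPLevel -ErrorAction SilentlyContinue).IGMPLevel

# Vista workaround: MLD level set to none (checked by reading netsh's global settings).
$os      = Get-WmiObject -Class Win32_OperatingSystem
$isVista = $os.Version -like '6.0*'
$mldLine = $null
if ($isVista) {
    $mldLine = (netsh interface ipv4 show global) | Select-String -Pattern 'MLD Level'
}

$patched    = ($hotfix -ne $null)
$workaround = ((-not $isVista) -and ($igmpLevel -eq 0)) -or
              ($isVista -and ($mldLine -ne $null) -and ($mldLine.Line -match 'none'))

"Host:            $($os.CSName)  ($($os.Caption), $($os.Version))"
"tcpip.sys:       $tcpipVersion  (modified $($tcpip.LastWriteTime))"
"$kb installed:   $patched" + $(if ($patched) { " on $($hotfix.InstalledOn)" })
"IGMP workaround: $workaround"

# Exit codes let a deployment script fail fast on exposed hosts.
if (-not $patched -and -not $workaround) {
    Write-Warning "Neither $kb nor the IGMP/MLD workaround is in place; this host is exposed to CVE-2007-0069."
    exit 2
}
if (-not $patched) {
    Write-Warning "Only the workaround is applied; multicast-dependent applications may misbehave until $kb is deployed."
    exit 1
}
"OK: $kb is installed. Remove the IGMPLevel value (or reset the MLD level) to return multicast to its default behaviour."
exit 0
```

Run it on a test image before the update, after the update, and again after the application regression pass: the tcpip.sys version and timestamp confirm the driver really changed, which is the component Stewart flags, and the exit code gives a deployment script something to key on when deciding which hosts can wait and which cannot.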

  • I may have my gripes, but MS does keep up on security patches.

    I'll give them credit for that.
    • August to January isn't "keeping up" with ANYTHING

      The bug was shown to them (they didn't find it themselves) LAST SUMMER.
  • After a recent patch killed the connection between... PC and my MP3 player, I'll take my time with any "patch" M$ sends...

    ... Including blacklisting any other "patch" that interferes with my system.
    Mr. Roboto
  • I'm in the mon-ey, I'm in the mon-ey

    Every time they patch, things stop working. Things people pay me to fix.

    This round should be good for that new HD video camera I've been wanting.

    Go Microsoft! ROFL!
    • Bull

      Name the application their patch has broken in the last year.
      • I can't quite figure out which one...

        but after the last round of patches my Sickbooks Enterprise Edition 8 died. Just one of those things or a real issue I don't know. All I know was I had to do a complete reinstall of XP to get it back up and going.

        The others in the organization are running Sickbooks on W2K so I had no issues. I still think W2k is THE BEST OS ever written.

        Gotta' go, installing SuSE on a new server.
      • Agreed!

        I probably have as sophisticated a set of apps as anybody and I have rarely had a problem due to a patch. Those few times it wasn't the patch itself but the installation that caused the problem and in those cases it was usually due to an existing problem on the system. Because once the problems were fixed the patch would install correctly and life was good again.
      • Too easy!!

        How about their own apps - MS Office...just last week we read all about the file format issue after the SP.
      • Message has been deleted.

        • Dude, calm down.

          You're gonna pop an artery the way you're going.

          Take a deep breath and relax.
          Hallowed are the Ori
        • deleted again!

          You should unsubscribe... :)
      • OK, here are 2

        Opera 9.22, Maxthon 1.57 Build 82 Unicode, and several other programs which used the DNS function.
        After applying the patch DNS would not work.
        I could reach my routers, ATA, etc. by using the IP address in the browsers.
        Admitted, the problem might be in the apps (4 different ones) and not in the change in TCP/IP made by the patch, but I would guess there is an affinity which is not being fulfilled.

        Only about 75% of patches go on my XP systems.
        I never apply patches which fix applications or components of XP which I do not use, such as WMP, Netmeeting and many others.

        I've seen what patches can do in the mainframe world and know from experience to not patch a part of the OS that is not used.

        So here is one, which I do directly attribute to MS. They are not perfect. Neither was IBM in the mainframe world.
        There were numerous times they were caught writing code which did not follow their API.
        I'm still astounded that an OS as complex and versatile as Windows runs with as few problems as it does, BUT with as much different hardware and software as it runs there WILL be times when a patch will cause SOME apps to not run on SOME machines.
      • Not sure just what broke..

        We installed the patch on test machines as part of our testing before dumping it out to the rest of the computers.

        Several issues with web browsers having trouble opening web pages, one corporate application (basically a GUI wrapper around a Telnet session) running off a backend server had issues with connections (PowerTCP would not squiggle).

        One system that puked when it restarted after the install -- Windows XP would start up to just before the CTRL-ALT-DEL to login screen, flash a blue screen and restart. That one was re-imaged to our standard image and took the update so Ghod alone knows why it puked the first time and she ain't talking.

        We're holding off on deploying it until that PowerTCP issue is fixed -- payroll runs off that application/server!

        As usual, YMMV.
      • Wrong side of the tech trend, buddy

        You're on the wrong side of the learning usual, Axie.

        But I'm sure you'll be able to stay employed jumping to one of the diminishing number of Windows only businesses.

        Good luck with that.
      • Answering this is like clubbing baby seals

        But it's fun to watch you sticking to your guns.
    • Well, I'm glad the patch is good for SOMEONE!

      I ought to try that -- but people will ask what I use to stay free from this stuff, and they'll switch to Linux, and I'll be out of a job!
  • The gap narrows

    Let's just cast our minds back .. to the endless MS fan-boy posts about Linux and how it was so complicated and the average user doesn't want to be fiddling around with command lines and recompiling kernels and green screens and Microsoft's greatest gift to mankind was useable computers yaydadadadadda.

    And then - cut to today - the latest patch required to keep your PC minimally infested with Windows-specific malware isn't just (quote) difficult to install, it also (quote) may break some applications!

    Microsoft. Yesterday's technology, today.
    • Give us the full quote!

      [i]it is difficult to predict how driver changes will interact with everything[/i]

      Nowhere does she say that it will break applications or even that it might, she only says that it is difficult to predict, which is the case with all patches from all vendors. I even had a video driver update break X11 (temporarily) on my Linux media PC, gasp!

      I might also point out that the author of the quote is from IBM, a competitor of MS. If an MS spokesperson claimed that the latest OS X patch was [i]difficult to install and may break some applications[/i], would you believe them?

      Finally, I'm actually looking at the article and trying to understand how this one is difficult to install? Can you please point out to us how this patch is "difficult to install"? Nowhere in her article does she say it, this is something that Larry added and seems to have added without any evidence to support the claim.

      Nice try though, I'll give you an A for effort! :)
      • Agreed

        Hi, this is Holly, the author of that quote. My blog post was not meant to imply that this update was more difficult to install than any others, and I wasn't trying to pick on MS for their driver updates. As a security software/service vendor (within the greater IBM organization), we do driver updates, too. I know how tricky they can be. MS actually has a really incredible interoperability program where they test all of their updates with other programs. I personally believe that they probably try harder than most any other vendor to get their updates "right" the first time. And just a tiny comment about IBM as a competitor. When you have two giants like IBM and Microsoft, they have to be competitors and partners at the same time. Internet Security Systems has been a technology partner of Microsoft for many, many years, including their interoperability program. The intention of my post was to convey the complexities of trying to protect against possible exploits to this vulnerability. The fact that it's a driver update is just one small component! :)
        • Good reply, Holly...

          Business cooperation is just plain redundant for most day-to-day operations. Nobody can ignore the bottom line. Everyone makes more money, or LOSES less money, by smart cooperation and coordination. Whether a partner or not, it IS the reality.