By Robert McMillan
September 8, 2009
IDG News Service
Microsoft has released its security updates for the month of September,
but a couple of unpatched flaws have some security experts wondering if
the software company will be forced to release an emergency patch
sometime in the month ahead.
Security researchers believe that an unpatched flaw in the SMB (Server
Message Block) 2 software that ships with Windows Vista and Windows
Server 2008 could turn into a major headache.
Proof-of-concept code showing how the bug could be leveraged to crash a
Windows machine was posted Monday to the Full Disclosure mailing list by
But security experts believe that more serious attacks are possible.
Kostya Kortchinsky, a senior security researcher with security-assessment
software vendor Immunity, said the flaw could be exploited in a
privilege-escalation attack. This type of attack is used once the
attacker has already found a way to run software on the victim's
machine. It gives the hacker a way of accessing system resources that
would otherwise be prohibited.