January 2009 Monthly Security Bulletin Release

Just a quick FYI that we released Microsoft Security Bulletin MS09-001 today.  This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

For the official bulletin and download links see http://www.microsoft.com/technet/security/Bulletin/MS09-001.mspx

Additional notes and details from the Microsoft Security Response Center: http://blogs.technet.com/msrc/archive/2009/01/13/january-2009-monthly-bulletin-release.aspx

The Microsoft Security Vulnerability Research and Defense (SVRD) has a post that provides additional information that will help prioritize the deployment of this update and help explain the risk for code execution: http://blogs.technet.com/swi/archive/2009/01/09/ms09-001-prioritizing-the-deployment-of-the-smb-bulletin.aspx

J.C. Hornbeck | Manageability Knowledge Engineer