Three of yesterday’s “Patch Tuesday” secbuls were marked as “Critical”: MS05-025, 026, and 027, affect IE; HTML help in Windows 2000, XP, and Server 2003; and theServer Message Block (SMB) protocol in Windows 2000, XP, and Server 2003.
MS05-027, the flaw in the SMB protocol (used to share files, printers, and serial ports, and to communicate between computers) is teh one to get cracking on PDQ.
“Neel Mehta, a team leader with Internet Security Systems’ X-Force security research group, named it as his number 1 threat “because of its scope and the fact that user authentication’s not required, nor user interaction.” Writing an exploit for the SMB bug won’t be easy — Mehta called it “fairly challenging” — but he said it wouldn’t be long, perhaps within the week, that an exploit appeared. “It’s actually more potentially dangerous than the February vulnerability in SMB,” he added. “We’re going to be tracking this carefully.”
Windows XP SP2 users who have left the by-default-enabled Windows Firewall in place are protected to some extent, said several of the researchers interviewed, since it automatically blocks the external ports used by the SMB service. “But if someone has disabled the firewall, or has turned file sharing on,” Mehta explained, “they could be hit.”
“Alfred Huger, vice president of engineering for Symantec’s security response team is quoted “Both the PNG and HTML (025 and 026) vulnerabilities are dangerous because they can affect so many end targets. Essentially, anyone with IE that’s unpatched is at risk. And we’ve seen how fast phishers and rogue Web sites are in picking up on graphics vulnerabilities.” Like Mehta, Huger expects to see vulnerabilities soon. “There will be exploits within the week,” he said, of the PNG bug.