First Patch Tuesday of 2009 is a Quiet Stinker

Written by Editor on January 14, 2009
Well, it is a new year and we have new Microsoft security issues to worry about. The thing is, Microsoft's new vulnerability exploitability index is downplaying the actual risk from the vulnerabilities.

The advisory listed as MS09-001 is rated as Critical; however, their new exploitability index only gives the issues a three. For some reason, this indicates that Microsoft thinks that exploit code for the issue is unlikely.

So the patch contains fixes for three vulnerabilities. Two of the vulnerabilities can result in remote code execution, which when successful will result in system compromise. The issues affect all versions of Windows from Windows 2000 SP4 to Windows Vista and Windows 2008.

SMB Buffer Overflow Remote Code Execution Vulnerability: this issue is a remote, pre-authentication vulnerability affecting the Windows kernel. It happens because Windows fails to sufficiently validate Server Message Block (SMB) protocol data, so an attacker can send a malicious packet to trigger memory corruption in the Windows kernel that would result in code execution.

SMB Validation Remote Code Execution Vulnerability: this issue is again a remote, pre-authentication vulnerability affecting the Windows kernel. Again, it is a result of poor validation of Server Message Block protocol data that will, if exploited, result in a code execution opportunity.

Finally, there is an issue that could result in a denial of service attack. If triggered, it causes the Windows host to blue screen and crash.

Unfortunately for Windows users, all the issues are pre-authentication, i.e. THEY DO NOT NEED LOGIN INFORMATION. There is already a large chunk of both the whitehat and blackhat infosec community working on producing exploits; as a result, Microsoft's exploitability classification looks a bit crap at this point.

So, as usual, Microsoft get their classification wrong and try to downplay how dangerous the issue really is. Simple solution: get this patch installed as soon as possible.