Microsoft Patch Tuesday bug is scary

Or at least that's what the security experts are saying.

The first Patch Tuesday fix of 2009 put out by Microsoft addresses a dangerous security vulnerability in its Server Message Block (SMB) protocol, or so say some insecurity experts.

Microsoft says it believes that exploits are unlikely, rating patch MS09-001 at a three on its exploitability index scale. But researchers say users should not neglect to apply the patch, because a successful exploit would enable an attacker to execute arbitrary code or mount a denial-of-service attack without first needing to steal a password to acquire authorisation.

That's because the vulnerability exists in Netbios protocol ports, which are "almost always guaranteed to be open for Windows to function," according to Amol Sarwate, manager of Qualys' vulnerability research lab.

The patch is labeled 'critical' for Windows XP, 2000 and 2003, because those versions have Netbios enabled by default, but is tagged as only 'moderate' for Windows Vista and Server 2008, since those versions have Netbios disabled by default. Many corporate servers have Netbios ports open because those are used for performing remote management activities.

However, unless remote attackers can construct TCP packets that encapsulate malicious Netbios datagrams, most servers should not be terribly vulnerable, because Netbios is an unroutable protocol.

Unless of course the attackers are inside your firewall, on your LAN.