Sophos takes rare step of citing Microsoft flaw as a must-fix

16.04.2015
Sophos generally steers clear of pointing to a single patch from Microsoft's Patch Tuesday, but is breaking its own rule this month by highlighting one it says can prevent a world of hurt.

The patch -- MS15-034 -- addresses a bug that could allow remote-code execution on a victim machine, and that can be exploited via any application using Microsoft's http stack, according to the Sophos Naked Security blog.

"As far as we can see the bug affects pretty much any Windows software that uses Microsoft's HTTP stack to respond to HTTP requests, whether that software runs on desktops, laptops or servers," writes Paul Ducklin, a senior security adviser at Sophos.

The practical implications of successfully exploiting the bug are access to SYSTEM privileges, installation of network worms that can spread on their own and complete takeover of affected machines, he writes. A proof-of-concept exploit of the flaw exists on the Internet and could trigger a buffer overflow on affected devices, "which could be distracting and time-consuming when you review your logs."

The breadth of such software and the potential for exploits to control entire machines caused him to break with the general rule of not highlighting individual patches. Doing so, he says, focuses security pros on fixing that patch first perhaps at the expense of installing other less critical ones that really ought to be installed.

Ducklin flagged just one of 11 bulletins Microsoft issued this month that address a total of 26 vulnerabilities. Three others are also ranked critical by Microsoft, but they didn't rise to the level of being singled out by him.

(www.networkworld.com)

Tim Greene