UpdatesDescription: This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. The security update addresses the vulnerabilities by validating the fields inside the SMB packets.

Update type: Moderate

Release date: January 13, 2008

Applies to: All

Knowledge base: http://support.microsoft.com/kb/958687

Download link: 32-bit | 64-bit

Comments: Here are the specifics on the vulnerabilities covered by this update:

  • SMB Buffer Overflow Remote Code Execution Vulnerability – CVE-2008-4834
  • SMB Validation Remote Code Execution Vulnerability – CVE-2008-4835
  • SMB Validation Denial of Service Vulnerability – CVE-2008-4114

3 Replies to “KB958687”

  1. We have found that a Microsoft emergency fix (KB958687/MS09-001) seems to have a negative impact on WebSphere Windows services, leaving ALL WAS (6.1 maybe other WAS levels also) services in an inoperable state. While our experiance is on a Windows 2003 server OS, I feel it worth posting here also, incase anyone is running WebSphere in a Vista Environment.

  2. I agree with KEY2 (posting on Jan 21, 2009 at 8:28 am). I share a similar experience when applying Windows security update. After the patch, event log shows the following, then WebSphere Windows Services failed to start. The strange thing is that this problem happens to half of Windows 2003 servers being patched.
    I don’t know if this is Microsof’s or IBM’s bug.

    This is the eventlog:

    Restart Required: To complete the installation of the following updates, the computer will be restarted within 5 minutes:
    – Security Update for Windows Server 2003 (KB923561)
    – Security Update for Windows Server 2003 (KB956572)
    – Security Update for Windows Server 2003 (KB961373)
    – Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB963027)
    – Security Update for Windows Server 2003 (KB952004)
    – Security Update for Windows Server 2003 (KB960803)
    – Security Update for Windows Server 2003 (KB959426)

  3. I have been working with IBM WebSphere since January on this, and just this week they have finally provide a reasonable work around.

    The believe that the cache is getting corrupted somehow. They asked me to clear the cache with a genericJVM argument, which I will not post here because it did not work. All it did was cause the services to crash quicker.

    The workaround I put into place on one server this week is this: Add the following to your genericJVM arguments: -Xshareclasses:none

    That should allow WebSphere servers to start as a Windows Service.

Leave a Reply