Thursday, October 23, 2008

Out-of-Band Critical Update MS08-067

If you have Automatic Updates turned off, please check for updates now! This is one security update you do not want to wait to install. As described, in part, by Christopher Budd in the MSRC Blog post MS08-067 Released:

"This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and newer versions are rated as “Important”. Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test and deploy the update as soon as possible. To help you better understand the details around the vulnerability, my colleagues over at the Security Vulnerability Research & Defense blog have provided some more information here. Also, Michael Howard has provided some background on the vulnerability from the Security Development Lifecycle perspective here." [Bold added]

Update Note: Edited to add additional Microsoft References from the Windows Update Team, the MSRC Ecosystem Strategy Team Blog and the Malware Protection Center Blog.

From Microsoft Security Bulletin MS08-067 - Critical

Executive Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008.
Also from the Security Bulletin:
Server Service Vulnerability - CVE-2008-4250

A remote code execution vulnerability exists in the Server service on Windows systems. The vulnerability is due to the service not properly handling specially crafted RPC requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-4250.

Microsoft References:

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: