Smokey's Security Weblog

veritas odium parit

Microsoft Out-of-band security bulletin MS08-067 – Critical

Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Published: October 23, 2008
Version: 1.0


Added 25 Oct 2008 – Revision 1.3: Note In addition to the products that are listed in the “Affected Software” section, this article also applies to Windows 7 Pre-Beta.

Executive Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation

Microsoft recommends that customers apply the update immediately.

Known Issues

None

Affected Software

(Operating System – Maximum Security Impact – Aggregate Severity Rating – Bulletins Replaced by this Update)

Microsoft Windows 2000 Service Pack 4
Remote Code Execution
Critical
MS06-040

Windows XP Service Pack 2
Remote Code Execution
Critical
MS06-040

Windows XP Service Pack 3
Remote Code Execution
Critical
None

Windows XP Professional x64 Edition
Remote Code Execution
Critical
MS06-040

Windows XP Professional x64 Edition Service Pack 2
Remote Code Execution
Critical
None

Windows Server 2003 Service Pack 1
Remote Code Execution
Critical
MS06-040

Windows Server 2003 Service Pack 2
Remote Code Execution
Critical
None

Windows Server 2003 x64 Edition
Remote Code Execution
Critical
MS06-040

Windows Server 2003 x64 Edition Service Pack 2
Remote Code Execution
Critical
None

Windows Server 2003 with SP1 for Itanium-based Systems
Remote Code Execution
Critical
MS06-040

Windows Server 2003 with SP2 for Itanium-based Systems
Remote Code Execution
Critical
None

Windows Vista and Windows Vista Service Pack 1
Remote Code Execution
Important
None

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Remote Code Execution
Important
None

Windows Server 2008 for 32-bit Systems*
Remote Code Execution
Important
None

Windows Server 2008 for x64-based Systems*
Remote Code Execution
Important
None

Windows Server 2008 for Itanium-based Systems
Remote Code Execution
Important
None

*Windows Server 2008 server core installation affected. For supported editions of Windows Server 2008, this update applies, with the same severity rating, whether or not Windows Server 2008 was installed using the Server Core installation option. For more information on this installation option, see Server Core. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options.

Source/full bulletin: Microsoft TechNet

Attack code for critical Microsoft bug surfaces

10/27/2008

By Jason Meserve/Network World – THREAT ALERT

Hope you’ve got that out-of-cycle Windows patch installed, because there’s already a worm running amok exploiting the flaw.
Microsoft took the unusual step of rushing out a patch for Windows last Thursday and within hours attack code was published that could take advantage of the flaw. Not quite Zero Day, but pretty close. Of course, a lot of noise was made over Microsoft’s non-Patch Tuesday release, but some in the security community are wondering what the big deal is? After all, there are automatic systems in place to install said patches, and other vendors release patches all the time without a parade. So why the hoopla over this Microsoft release?

Full story: NetworkWorld

Advertisements

October 24, 2008 - Posted by | Advisories, Alerts, Downloads, Friends, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: