Tuesday, October 28, 2008

CRITICAL Microsoft Security Bulletin

If your system isn't already patched for Microsoft Security Bulletin MS08-067 (KB958644), do it now! Its rare for Microsoft to release security updates outside of the normal Tuesday schedule, but for the first time I know of, Microsoft called 1000s of partners, and held conference calls to ask us to warn our clients and make sure they were patched. This is truly a critical threat.

The Critical Security Bulletin (MS08-067) is for a vulnerability in Server Service that could allow Remote Code Execution. Note that this affects all operating systems (even though it relates to "Server" Service - the vulnerability affects just about all desktop systems). If you run automatic updates, this update should be picked up, but we are advising clients to run the update NOW!

For more information and detailed information relating to your specific operating system, please go to
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
File information details can be found in
Microsoft Knowledge Base Article 958644

Note that there is always a risk when you install new updates, but initial testing by Microsoft is not showing problems and the patch can be uninstalled if necessary (there are no reported problems with commercially available software). However, in the case of this CRITICAL update, there is a greater risk of NOT installing the update.

An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability over RPC without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights.

No comments: