Because of the seriousness of a remote code execution vulnerability recently discovered in the Windows Server Service, Microsoft has released a fix outside of its normal "Patch Tuesday."

the vulnerability was discovered during the reverse engineering process routinely accomplished by the folks in Microsoft's Malware Protection Center. Developers working the project discovered that the exploit was extremely "wormable," especially on Windows XP and older systems, and as a result a patch was distributed today as soon as it was ready for public distribution.

A specially crafted RPC request can trigger the exploit on systems unprotected by firewalls. Because most corporate and home users sit behind a firewall that filters in-bound connections to TCP ports 139 and 445, you will not be reachable from the Internet via RPC. As a result, only the vulnerable machines on your local LAN will have the ability to exploit this vulnerability.

Systems running Vista and Windows 2008 Server enjoy an additional level of security, but still need to be patched.
More information on MS08-067 ->

http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

I have patched my servers, and we will be sync'ing up the WSUS servers to push this update down tomorrow morning to all clients.

Patch your machines at the earliest convenience!

Mike.

Thanks Mike:up:

Georgann tells me if I touch any widows let alone patch them, I'll be needing a patch. Seriously though, thanks.

Georgann tells me if I touch any widows let alone patch them, I'll be needing a patch. Seriously though, thanks.

LOL!

Fixed.

Mike.

LOL!

Fixed.

Mike.

Sorry, my sarcastical side has been popping out quite a bit lately.

Rated critical on XP & Server 2000/2003. Rated Important on Vista and Server 2008.


"It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights,"

Have you patched yet? What are you standing around here for? Git 'er done!

Hmm, can't seem to find a patch for my Mac.:D

Done!

Thanks for the tip, Mike.

Hmm, can't seem to find a patch for my Mac.:D

Your day is coming...

I have a Dell XPS400 with XP-2--do I need to do anything?--this is an individual desktop using ATT U-verse for internet assess with Norton protection. :help: Maury

I have a Dell XPS400 with XP-2--do I need to do anything?--this is an individual desktop using ATT U-verse for internet assess with Norton protection. :help: Maury

Yes sir. Go here and run the scan.

http://www.windowsupdate.com

If you haven't been there in a while there may be other updates as well.

I don't know jack about these kind of things.

Is this for those who have servers only or is it for those of us who use personal computers?

I don't know jack about these kind of things.

Is this for those who have servers only or is it for those of us who use personal computers?

All versions of Windows XP and newer.

All versions of Windows XP and newer.

Thanks for the info.

I will git er done.

Georgann tells me if I touch any widows let alone patch them, I'll be needing a patch. Seriously though, thanks.

I don't do windows!

Dumb question but where is the download button on that link?

Dumb question but where is the download button on that link?

On that page, you have to scroll down then click on what OS you are running.

That will redirect you to a page that has a "Download" button for that OS.

You will need to reboot after the patch is applied.

Mike.

On that page, you have to scroll down then click on what OS you are running.

That will redirect you to a page that has a "Download" button for that OS.

You will need to reboot after the patch is applied.

Mike.

Gracias, Mike. :bandit:

Thanks, Mike--got a complete Windows update plus the bulliten--thanks for the heads-up--I appreciate all the help you gave me,Maury

Trojan Exploits Just-Patched Windows RPC Flaw (October 24 & 27, 2008)
Just one day after Microsoft released an out-of-cycle patch to fix a critical remote procedure call (RPC) flaw in the Server service, a Trojan horse program that exploits the vulnerability has been detected. The malware could potentially be used to allow infected machines to infect other unpatched computers on its network with no user interaction.

http://www.theregister.co.uk/2008/10/24/trojan_exploits_wormable_micro soft_flaw/

http://voices.washingtonpost.com/securityfix/2008/10/data-stealing_trojan_exploitin.html ?nav=rss_blog

http://blogs.securiteam.com/index.php/archives/1150

http://www.heise-online.co.uk/security/Windows-RPC-hole-being-exploited-already--/news/111795

[Editor's Note (Ullrich): As of today, we at Internet Storm Center have learned of versions of the exploit for popular exploit tool kits. The attacks are beginning.]