View Full Version : Patch Your Windows Machines NOW!!!
MM2004
10-23-2008, 04:54 PM
Because of the seriousness of a remote code execution vulnerability recently discovered in the Windows Server Service, Microsoft has released a fix outside of its normal "Patch Tuesday."
the vulnerability was discovered during the reverse engineering process routinely accomplished by the folks in Microsoft's Malware Protection Center. Developers working the project discovered that the exploit was extremely "wormable," especially on Windows XP and older systems, and as a result a patch was distributed today as soon as it was ready for public distribution.
A specially crafted RPC request can trigger the exploit on systems unprotected by firewalls. Because most corporate and home users sit behind a firewall that filters in-bound connections to TCP ports 139 and 445, you will not be reachable from the Internet via RPC. As a result, only the vulnerable machines on your local LAN will have the ability to exploit this vulnerability.
Systems running Vista and Windows 2008 Server enjoy an additional level of security, but still need to be patched.
More information on MS08-067 ->
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
I have patched my servers, and we will be sync'ing up the WSUS servers to push this update down tomorrow morning to all clients.
Patch your machines at the earliest convenience!
Mike.
Bigdogjim
10-23-2008, 04:56 PM
Thanks Mike:up:
Paul T. Casey
10-23-2008, 04:58 PM
Georgann tells me if I touch any widows let alone patch them, I'll be needing a patch. Seriously though, thanks.
MM2004
10-23-2008, 05:02 PM
Georgann tells me if I touch any widows let alone patch them, I'll be needing a patch. Seriously though, thanks.
LOL!
Fixed.
Mike.
Paul T. Casey
10-23-2008, 05:14 PM
LOL!
Fixed.
Mike.
Sorry, my sarcastical side has been popping out quite a bit lately.
BruteForce
10-23-2008, 07:07 PM
Rated critical on XP & Server 2000/2003. Rated Important on Vista and Server 2008.
"It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights,"
Have you patched yet? What are you standing around here for? Git 'er done!
nomad
10-23-2008, 07:15 PM
Hmm, can't seem to find a patch for my Mac.:D
SC Cheesehead
10-23-2008, 07:30 PM
Done!
Thanks for the tip, Mike.
bob6364
10-23-2008, 07:35 PM
Hmm, can't seem to find a patch for my Mac.:D
Your day is coming...
cruzer
10-23-2008, 07:48 PM
I have a Dell XPS400 with XP-2--do I need to do anything?--this is an individual desktop using ATT U-verse for internet assess with Norton protection. :help: Maury
BruteForce
10-23-2008, 07:55 PM
I have a Dell XPS400 with XP-2--do I need to do anything?--this is an individual desktop using ATT U-verse for internet assess with Norton protection. :help: Maury
Yes sir. Go here and run the scan.
http://www.windowsupdate.com
If you haven't been there in a while there may be other updates as well.
Shora
10-23-2008, 07:57 PM
I don't know jack about these kind of things.
Is this for those who have servers only or is it for those of us who use personal computers?
BruteForce
10-23-2008, 09:02 PM
I don't know jack about these kind of things.
Is this for those who have servers only or is it for those of us who use personal computers?
All versions of Windows XP and newer.
Shora
10-23-2008, 09:55 PM
All versions of Windows XP and newer.
Thanks for the info.
I will git er done.
Haggis
10-24-2008, 03:48 AM
Georgann tells me if I touch any widows let alone patch them, I'll be needing a patch. Seriously though, thanks.
I don't do windows!
Embassy
10-24-2008, 04:23 AM
Dumb question but where is the download button on that link?
MM2004
10-24-2008, 06:02 AM
Dumb question but where is the download button on that link?
On that page, you have to scroll down then click on what OS you are running.
That will redirect you to a page that has a "Download" button for that OS.
You will need to reboot after the patch is applied.
Mike.
Embassy
10-24-2008, 06:34 AM
On that page, you have to scroll down then click on what OS you are running.
That will redirect you to a page that has a "Download" button for that OS.
You will need to reboot after the patch is applied.
Mike.
Gracias, Mike. :bandit:
cruzer
10-24-2008, 07:51 PM
Thanks, Mike--got a complete Windows update plus the bulliten--thanks for the heads-up--I appreciate all the help you gave me,Maury
BruteForce
10-28-2008, 04:52 PM
Trojan Exploits Just-Patched Windows RPC Flaw (October 24 & 27, 2008)
Just one day after Microsoft released an out-of-cycle patch to fix a critical remote procedure call (RPC) flaw in the Server service, a Trojan horse program that exploits the vulnerability has been detected. The malware could potentially be used to allow infected machines to infect other unpatched computers on its network with no user interaction.
http://www.theregister.co.uk/2008/10/24/trojan_exploits_wormable_micro soft_flaw/
http://voices.washingtonpost.com/securityfix/2008/10/data-stealing_trojan_exploitin.html ?nav=rss_blog
http://blogs.securiteam.com/index.php/archives/1150
http://www.heise-online.co.uk/security/Windows-RPC-hole-being-exploited-already--/news/111795
[Editor's Note (Ullrich): As of today, we at Internet Storm Center have learned of versions of the exploit for popular exploit tool kits. The attacks are beginning.]
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.