Thread: update your copies of microsoft windows asap

  1. update your copies of microsoft windows asap

    I actually got the patch pushed to me over automatic updates the other day, but this is apparently so serious they decided it was a wise idea to send me an email about it too:

    Executive Summary

    This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

    This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

    The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
    http://www.microsoft.com/technet/sec.../ms08-067.mspx

    and from NIST:

    CVSS Severity (version 2.0):
    CVSS v2 Base Score: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Impact Subscore: 10.0
    Exploitability Subscore: 10.0
    CVSS Version 2 Metrics:
    Access Vector: Network exploitable
    Access Complexity: Low
    Authentication: Not required to exploit

    Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service
    that bolded part means update now

    edit: apparently there are some exploits out in the wild already, pushing malware in small pockets
    Last edited by cka; 24 Oct 2008 at 12:13 AM.
